enabling user specificed .htaccess files with Shibboleth

Cantor, Scott cantor.2 at osu.edu
Thu Aug 2 11:00:57 EDT 2012

On 8/2/12 10:56 AM, "Peter Schober" <peter.schober at univie.ac.at> wrote:
>Yeah but resource owners can change the app via .htaccess so that
>wouldn't accomplish what the OP intented, IMO.

Well, it would circumvent, but I'm assuming that the goal is more to
prevent unexpected behavior then block the option to federate.

>The only thing I can imagine the SP could do is implement something
>like httpd's AllowOverride, so that one could centrally limit what
>shib-specific stuff could be added to .htaccess
>But, again, not that I can see/understand this being necessary.

The application override thing has been noted as a concern, but I just
haven't had a chance to try and implement that. I probably can, because
the htaccess support for those settings is something I had to build pretty
elaborately anyway.

-- Scott

More information about the users mailing list