PathRegex Question

Johnson, Jacob (GE, Intelligent Platforms) Jacob.Johnson at ge.com
Wed Apr 2 17:14:55 EDT 2014 

 
Ive tried the nested path approach with the web application and it doesn¹t
seem to work. What we want is to have our site, gesnapshot.com SSO
protected but certain paths with in the site
gesnapshot.com/ApcDigitalDashboardService.svc/data and
gesnapshot.com/ApcDigitalDashboardService.svc/images not sso protected.
I¹ve tried putting requireSession=²true² in the host tag with the above
mentioned paths set to ³false². Here is what I have now.

 
<RequestMapper type="Native">
        <RequestMap applicationId="default">
            <Host name="gesnapshot.com">
                                <Path name="index.html"
authType="shibboleth" requireSession="true"/>
                                <Path
name="ApcDigitalDashboardService.svc" authType="shibboleth"
requireSession="true">
                                                                <Path
name="data" requireSession="false"/>
                                                                <Path
name="images" requireSession="false"/>
                                </Path>
                </Host>
        </RequestMap>
    </RequestMapper>
 
This results in no SSO authentication required at the root level
(gesnapshot.com). We want the root protected but the data and images paths
under ApcDigitalDashboardService.svc open.
 



On 4/1/14 2:37 PM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:

>
>
>On 4/1/14, 2:01 PM, "Johnson, Jacob (GE, Intelligent Platforms)"
><Jacob.Johnson at ge.com> wrote:
>>
>>I want to exclude a single file in my application from being protected by
>>SSO.  My ideas is to use <PathRegex> in shibboleth.xml to do this.
>
>Unless you can't just use nested Path elements, I would avoid that. Using
>a regex just introduces a lot of complexity you can usually avoid. I guess
>the problem would be if the single file isn't just one file, but a whole
>set of filenames that can live in many directories.
>
>>This results in nothing being SSO protected:
>
>I can tell you for sure that using a lot of advanced syntax is a
>non-starter. The regexp dialect supported is undocumented by Xerces, but
>not anything close to what Java, Perl, etc. would handle.
>
>So in your specific case, I doubt you'd be successful doing this with a
>regex, which is probably more important to your goal.
>
>-- Scott
>
>
>--
>To unsubscribe from this list send an email to
>users-unsubscribe at shibboleth.net

More information about the users mailing list