Mix Basic Auth and Shibboleth Auth

Tue Feb 20 05:23:23 EST 2018

Hi list,

this is Apache 2.4.7 and SP 2.6.0, and maybe off-topic, but maybe someon
has an idea. What I want is a call to

https://user123:password@host/protected to be handled by Apache Basic
Authentication, and a call to

https://host/protected to trigger Shibboleth SP Login. I tried several
variants of

    <Location "/protected/">
       <RequireAny>
          <RequireAll>
                AuthType Basic  (and all the other Basic params)

                Require user user123
          </RequireAll>
          <RequireAll>
                AuthType shibboleth
                ShibRequestSetting requireSession 1
                require shib-session
          </RequireAll>
        </RequireAny>
    </Location>

But none works, the redirect to SP Login is triggered unconditionally.
The list mentions using the ShibCompatValidUser flag, is this correct
that my versions of Apache and SP would not use this flag? At least I
cannot see a difference.

When I used an IP address restriction instead of Basic Auth, the setup
works as intended, but that would only be the second best choice.

Regards,

Martin

-- 
Dr. Martin Haase, Solutions Engineer

DAASI International GmbH        
Europaplatz 3                   
D-72072 Tübingen                
Germany                    

phone: +49 7071 407109-0
fax:   +49 7071 407109-9  
email: martin.haase at daasi.de
web:   www.daasi.de

Sitz der Gesellschaft: Tübingen
Registergericht: Amtsgericht Stuttgart, HRB 382175
Geschäftsleitung: Peter Gietz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2267 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://shibboleth.net/pipermail/users/attachments/20180220/2a8aafce/attachment.p7s>