Best way to protect ECP endpoints
cantor.2 at osu.edu
Tue Mar 27 17:16:59 EDT 2018
On 3/27/18, 5:14 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> Alright, I feel quite stupid! I never tried just commenting out the Apache Location block for the ECP endpoint and hitting
> it to see what happens. Works like a charm: prompts for authentication,
It won't prompt, that is an inherent limitation of this approach. It will consume a Basic-Auth header (or in theory any HTTP authentication) but it won't challenge for one. I couldn't come up with a way to do it within the webflow.