RequestMap for IIS

Doan, Tommy tdoan at
Fri Mar 6 13:05:39 EST 2020

Right, so if I don’t protect the Host element I have to protect everything else with a few exceptions, so that’s the idea for the PathRegex element here. I have no control over what content the developers might add to the site over time. Maybe this is just how it’s done but wanted a review.

<RequestMapper type="Native">
        <Host name="" authType="shibboleth" >
            <PathRegex regex=".*" requireSession="true" />

-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Friday, March 6, 2020 11:51 AM
To: Shib Users <users at>
Subject: Re: RequestMap for IIS

On 3/6/20, 12:45 PM, "users on behalf of Doan, Tommy" <users-bounces at on behalf of tdoan at<mailto:users-bounces at at>> wrote:

> So what I lack is ability in the RequestMap to not protect the root –

> if I could accomplish that I think everything gets more straightforward.

It doesn't protect anything by default. The true root is only going to match the rule in the Host element.

-- Scott


For Consortium Member technical support, see

To unsubscribe from this list send an email to users-unsubscribe at<mailto:users-unsubscribe at>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list