Mix Basic Auth and Shibboleth
Nate Klingenstein
ndk at signet.id
Sun Sep 12 04:44:31 UTC 2021
Chad,
I don't think Apache allows for multiple different AuthTypes in the same configuration stanza. It's last(or closest match) directive wins.
Shibboleth has back door authentication functionality that you should be able to wire up to the crawler. If in the instantiation you can have it create a Shibboleth session, it should then be able to crawl the rest of the site as if it had authenticated with SAML.
https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065334897/BackDoor#BackDoor-ExternalAuthenticationHandler
Alternatively, you can try these Apache gymnastics. I haven't done so myself.
https://serverfault.com/questions/884484/combine-apache-auth-providers-of-different-types-with-basic-auth-only-if-proacti/884517#884517
Replace Mellon with Shibboleth.
Hope this helps,
Nate.
--------
Signet, Inc.
The Art of Access ®
https://www.signet.id
-----Original message-----
From: chad phillips
Sent: Sunday, September 12 2021, 4:03 am
To: users at shibboleth.net
Subject: Mix Basic Auth and Shibboleth
Hi,
I have Shibboleth setup as the service provider for an Apache 2.4 server. Salesforce is our IDP and everything works well.
We want to have a web crawler crawl the access restricted portions of our website. The problem is our crawler only supports Basic Authentication.
Is it possible to have an Apache directory restricted by BOTH Shibboleth and Basic Auth? I would like the crawler to be able to use Basic Authentication, but regular users would go through Shibboleth.
I have found a few other posts of people asking the same question, but no definitive answer.
thank you
--
For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list