Mix Basic Auth and Shibboleth
Peter Schober
peter.schober at univie.ac.at
Sun Sep 12 11:00:48 UTC 2021
* chad phillips <chad at chadphillips.org> [2021-09-12 06:03]:
> Is it possible to have an Apache directory restricted by BOTH Shibboleth
> and Basic Auth? I would like the crawler to be able to use Basic
> Authentication, but regular users would go through Shibboleth.
https://shibboleth.net/pipermail/users/2021-June/050237.html
An example code snippet implementing that can be found here:
https://shibboleth.net/pipermail/users/2018-November/042324.html
That requires the HTTP Basic Auth client to "volunteer" the HTTP
Authorization header (instead of needing the server to challange the
client with HTTP 401).
But you could also base the conditonal logic on other criteria,
e.g. the IP range(s) the crawler comes from.
While it's not generally advisable (to be putting it mildly) to base
authn/authz logic on client-supplied data you might also evaluate a
custom HTTP Header (or U-A string) the crawler sends to trigger the
changed behaviour.
-peter
More information about the users
mailing list