exclude a path from protection

Matthews, Lee (NIH/NIDDK) [E] lee.matthews at nih.gov
Thu Apr 28 16:28:27 UTC 2022

We have an application and it is protected using siteminder with shibboleth. Our public surveys are prompting for authentication.

In my shibboleth.xml file I have this:
<RequestMapper type="Native">
            The example requires a session for documents in /secure on the containing host with http and
            https on the default ports. Note that the name and port in the <Host> elements MUST match
            Apache's ServerName and Port directives or the IIS Site name in the <ISAPI> element above.
            <Host name="rXXXXXXX.niddk.nih.gov" authType="shibboleth" requireSession="true">
                <Path name="secure" authType="shibboleth" requireSession="true"/>
<PathRegex regex="\(api|api/|api/index.php|api/help/|api/help/index.php\)$" unset="authType requireSession"/>
<PathRegex regex="Surveys/" unset="authType requireSession"/>
<PathRegex regex="redcap_v[\.\d]*/Resources/" unset="authType requireSession"/>
<PathRegex regex="redcap_v[\.\d]*/SendIt/download\.php.*" unset="authType requireSession"/>
<PathRegex regex="redcap_v[\.\d]*/\(Design/get_fieldlabel|DataEntry/empty\)\.php$" unset="authType requireSession"/>
<PathRegex regex="plugins/open/.*" unset="authType requireSession"/>
<PathRegex regex="\(temp|edocs|webtools2\)/.*">
      <Rule require="affiliation"> BLOCK_ALL_yKWeMcXtZYUWumd+zAjKc=</Rule>
<PathRegex regex="plugins/esignature/secure/.*" forceAuthn="true"/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220428/7db3cff4/attachment.htm>

More information about the users mailing list