exclude a path from protection

Matthews, Lee (NIH/NIDDK) [E] lee.matthews at nih.gov
Thu Apr 28 19:24:26 UTC 2022 

I ended up doing this, I suppose it is not very elegant, but it worked.
<Path name="surveys/" authType="shibboleth" requireSession="false"/>
<Path name="api/" authType="shibboleth" requireSession="false"/>
<Path name="rxxxx_v12.0.19/Resources" authType="shibboleth" requireSession="false"/>

I have zero regex skills, so I will have to see if I can find a way to do this with regex.
________________________________
From: users <users-bounces at shibboleth.net> on behalf of Matthews, Lee (NIH/NIDDK) [E] via users <users at shibboleth.net>
Sent: Thursday, April 28, 2022 12:28 PM
To: users at shibboleth.net <users at shibboleth.net>
Cc: Matthews, Lee (NIH/NIDDK) [E] <lee.matthews at nih.gov>
Subject: [EXTERNAL] exclude a path from protection


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and are confident the content is safe.


We have an application and it is protected using siteminder with shibboleth. Our public surveys are prompting for authentication.

In my shibboleth.xml file I have this:
<RequestMapper type="Native">
        <RequestMap>
            <!--
            The example requires a session for documents in /secure on the containing host with http and
            https on the default ports. Note that the name and port in the <Host> elements MUST match
            Apache's ServerName and Port directives or the IIS Site name in the <ISAPI> element above.
            -->
            <Host name="rXXXXXXX.niddk.nih.gov" authType="shibboleth" requireSession="true">
                <Path name="secure" authType="shibboleth" requireSession="true"/>
<PathRegex regex="\(api|api/|api/index.php|api/help/|api/help/index.php\)$" unset="authType requireSession"/>
<PathRegex regex="Surveys/" unset="authType requireSession"/>
<PathRegex regex="redcap_v[\.\d]*/Resources/" unset="authType requireSession"/>
<PathRegex regex="redcap_v[\.\d]*/SendIt/download\.php.*" unset="authType requireSession"/>
<PathRegex regex="redcap_v[\.\d]*/\(Design/get_fieldlabel|DataEntry/empty\)\.php$" unset="authType requireSession"/>
<PathRegex regex="plugins/open/.*" unset="authType requireSession"/>
<PathRegex regex="\(temp|edocs|webtools2\)/.*">
 <AccessControl>
      <Rule require="affiliation"> BLOCK_ALL_yKWeMcXtZYUWumd+zAjKc=</Rule>
  </AccessControl>
</PathRegex>
<PathRegex regex="plugins/esignature/secure/.*" forceAuthn="true"/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220428/6af5b9ed/attachment.htm>

More information about the users mailing list