Once the Apache Shibboleth Module has been installed and configured, you can add Apache Auth directives to any appropriate content-control block ( <Directory>,<File>, <Location>) in your virtual host or in .htaccess files.
To require Shibboleth authentication, you can start with these directives:
AuthType shibboleth
ShibRequestSetting requireSession 1
Require valid-user
Refer to the Apache access control documentation regarding general Apache Auth config options such as using Access Control Lists to limit access to groups of people.
Shibboleth Specific AuthConfig Options
The official Shibboleth wiki has a list of AuthConfig options you can use. You may find this list of Content Settings, which can be set with ShibRequestSetting, helpful . For example, if you want to redirect any non-ssl request for a protected page to your SSL port, you can use the following (POST requests will not work with this method):
AuthType shibboleth
ShibRequestSetting redirectToSSL 443
ShibRequestSetting requireSession 1
Require valid-user