Access: Configure Apache to Use Your Shibboleth SP

Once the Apache Shibboleth Module has been installed and configured, you can add Apache Auth directives to any appropriate content-control block ( <Directory>,<File>, <Location>) in your virtual host or in .htaccess files.

To require Shibboleth authentication, you can start with these directives:

AuthType shibboleth

ShibRequestSetting requireSession 1

Require valid-user

Refer to the Apache access control documentation regarding general Apache Auth config options such as using Access Control Lists to limit access to groups of people.

Shibboleth Specific AuthConfig Options 

The official Shibboleth wiki has a list of AuthConfig options you can use. You may find this list of Content Settings, which can be set with ShibRequestSetting, helpful . For example, if you want to redirect any non-ssl request for a protected page to your SSL port, you can use the following (POST requests will not work with this method):

AuthType shibboleth

ShibRequestSetting redirectToSSL 443

ShibRequestSetting requireSession 1

Require valid-user

Last modified

Changed

TDX ID

TDX ID
5972