Hi,
I've just got the shibboleth SP for solaris going (nearly, anyway) and its authenticating fine when I put an .htaccess file in a web folder. If I take the .htaccess away it just lets you in without authentication so it proves it is using it. The .htaccess has:
Require shibboleth
AuthType Shibboleth
ShibRequireSession On
require affiliation [log in to unmask]
but if I authenticate as a test student user (not staff@dundee) its still letting them in. i.e. it seems to be ignoring require affiliation staff.
I know this syntax works as it's the same file I use on a linux box to do exactly the same thing which behaves completely as expected and denies the student access.
If on the the solaris SP I add in the line:
ShibRequireAll On
Then it starts working as expected.
I'm just getting to grips with the syntax of these htaccess files and it's not something I normally do so I'm probably being fairly dumb.
Can any SP experts explain why there is a difference between the behaviour on linux and solaris with the same htaccess file and why it works with the ShibRequireAll On line. Basically I'm after a good working htaccess syntax I can pass to the web people to deploy.
Cheers
Andy
************************************************************
Please consider the environment. Do you really need to print this email?
|