Hi, I've just got the shibboleth SP for solaris going (nearly, anyway) and its authenticating fine when I put an .htaccess file in a web folder. If I take the .htaccess away it just lets you in without authentication so it proves it is using it. The .htaccess has: Require shibboleth AuthType Shibboleth ShibRequireSession On require affiliation [log in to unmask] but if I authenticate as a test student user (not staff@dundee) its still letting them in. i.e. it seems to be ignoring require affiliation staff. I know this syntax works as it's the same file I use on a linux box to do exactly the same thing which behaves completely as expected and denies the student access. If on the the solaris SP I add in the line: ShibRequireAll On Then it starts working as expected. I'm just getting to grips with the syntax of these htaccess files and it's not something I normally do so I'm probably being fairly dumb. Can any SP experts explain why there is a difference between the behaviour on linux and solaris with the same htaccess file and why it works with the ShibRequireAll On line. Basically I'm after a good working htaccess syntax I can pass to the web people to deploy. Cheers Andy ************************************************************ Please consider the environment. Do you really need to print this email?