[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    Re: error document & public directory
From:       Václav_Mach <machv () cesnet ! cz>
Date:       2018-09-18 9:47:55
Message-ID: 8f68d347-af4e-7ed0-5e9f-778737e4b13c () cesnet ! cz
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


On 9/17/18 3:27 PM, Peter Schober wrote:
> Neither this nor the originally posted version makes much sense to me.
> If you'd need the RequireAll wrapper at all I'd move the AuthType
> within it, next to Require.
> Also you'd only use "Require shibboleth" if you wanted to make sure
> the module is active for a given resource, but does *not* enforce
> authentication or authorisation. But on the next line you require
> sessions and below you even require a specific attribute value. So why
> "Require shibboleth" there?
> 
This is an example config from 
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig

>> <Location "/unauthorized.html">
>>      AuthType shibboleth
>>      Require shibboleth
>>      ShibRequestSetting requireSession 0
>> </Location>
> 
> In my own config I used "Require all granted" for such cases, and had
> such sections before ones with protection enabled, but YMMV.
That works fine, thanks for suggestion.

cheers,
Vaclav
-- 
Václav Mach
tel: +420 234 680 206
CESNET, z.s.p.o.
www.cesnet.cz


["smime.p7s" (application/pkcs7-signature)]

-- 
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net

[prev in list] [next in list] [prev in thread] [next in thread]