[prev in list] [next in list] [prev in thread] [next in thread]
List: shibboleth-users
Subject: Re: error document & public directory
From: Václav_Mach <machv () cesnet ! cz>
Date: 2018-09-18 9:47:55
Message-ID: 8f68d347-af4e-7ed0-5e9f-778737e4b13c () cesnet ! cz
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On 9/17/18 3:27 PM, Peter Schober wrote:
> Neither this nor the originally posted version makes much sense to me.
> If you'd need the RequireAll wrapper at all I'd move the AuthType
> within it, next to Require.
> Also you'd only use "Require shibboleth" if you wanted to make sure
> the module is active for a given resource, but does *not* enforce
> authentication or authorisation. But on the next line you require
> sessions and below you even require a specific attribute value. So why
> "Require shibboleth" there?
>
This is an example config from
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig
>> <Location "/unauthorized.html">
>> AuthType shibboleth
>> Require shibboleth
>> ShibRequestSetting requireSession 0
>> </Location>
>
> In my own config I used "Require all granted" for such cases, and had
> such sections before ones with protection enabled, but YMMV.
That works fine, thanks for suggestion.
cheers,
Vaclav
--
Václav Mach
tel: +420 234 680 206
CESNET, z.s.p.o.
www.cesnet.cz
["smime.p7s" (application/pkcs7-signature)]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic