Open /etc/httpd/conf.d/shib.conf in a text editor. If you are Not using default Apache installation, make sure this file is included in your Apache config. All the authorization rules should be defined in this file. Code Block |
---|
title | Require authentication for entire site |
---|
| <Location />
AuthType shibboleth
ShibRequestSetting requireSession 1
Require valid-user
</Location>
|
Code Block |
---|
title | Example: require Authorization by group/permit |
---|
| <Location /secure>
AuthType shibboleth
ShibRequestSetting requireSession 1
requireRequire shib-attr groups myGroup1 myGroup2
</Location> |
Code Block |
---|
title | Require TwoFactor for everyone |
---|
| <Location /superSecret>
AuthType shibboleth
ShibRequestSetting authnContextClassRef http://cornell.edu/mfa
ShibRequestSetting requireSession 1
Require shib-attr groups mySecureGroup
</Location> | Code Block |
---|
title | Authorization by affiliation |
---|
| <Location /secure>
AuthType shibboleth
ShibRequestSetting requireSession 1
Require shib-attr eduPersonAffiliations staff
</Location> |
|