The following example shows how to write an .htaccess ACL to restrict content using Shibboleth on a host that has the SP installed already. Your specific ACL may not look exactly like this, but I suggest reviewing attributes that are available on your SP
# use Shibboleth to authenticate and authorize access AuthType shibboleth # Set ShibRequireAll to On to perform an AND operation for require statements # set ShibRequireAll to Off to perform an OR operation for require statements ShibRequireAll On # valid-user is minimum require statement to restrict access # BUT beware that this could allow in authenticated users from outside Brown. # not advisable. See below for better options require valid-user # Better to limit access at least to active members of BROWN:COMMUNITY:ALL group require Shibboleth-isMemberOf BROWN:COMMUNITY:ALL require Shibboleth-brownStatus active # examples of course-specific ACLs to add to active members of brown:community:all ACL # allow members of Chem 1060 L01 Fall 2008# require Shibboleth-isMemberOf COURSE:CHEM:1060:2008-Fall:L01:All # allow members of Chem 1060 Fall 2008 all sections and labs# require Shibboleth-isMemberOf ~ COURSE:CHEM:1060:2008-Fall:.+:All # allow students of Chem 1060 Fall 2008 all sections and labs# require Shibboleth-isMemberOf ~ COURSE:CHEM:1060:2008-Fall:.+:Student # allow instructors of Chem 1060 Fall 2008 all sections and labs# require Shibboleth-isMemberOf ~ COURSE:CHEM:1060:2008-Fall:.+:Instructor |