Example Shibboleth .htaccess ACL

The following example shows how to write an .htaccess ACL that restricts content using Shibboleth on a host that already has the SP installed. Your specific ACL may not look exactly like this, but I suggest reviewing the attributes that are available on your SP.

    # Use Shibboleth to authenticate and authorize access
    AuthType shibboleth

    # Set ShibRequireAll to On to perform an AND operation for require statements
    # Set ShibRequireAll to Off to perform an OR operation for require statements
    ShibRequireAll On

    # valid-user is the minimum require statement to restrict access,
    # BUT beware that this could allow in authenticated users from outside Brown.
    # Not advisable. See below for better options.
    require valid-user

    # Better to limit access at least to active members of the BROWN:COMMUNITY:ALL group
    require Shibboleth-isMemberOf BROWN:COMMUNITY:ALL
    require Shibboleth-brownStatus active

    # Examples of course-specific ACLs to add to the active members of BROWN:COMMUNITY:ALL ACL

    # Allow members of Chem 1060 L01 Fall 2008
    #   require Shibboleth-isMemberOf COURSE:CHEM:1060:2008-Fall:L01:All

    # Allow members of Chem 1060 Fall 2008, all sections and labs
    #   require Shibboleth-isMemberOf ~ COURSE:CHEM:1060:2008-Fall:.+:All

    # Allow students of Chem 1060 Fall 2008, all sections and labs
    #   require Shibboleth-isMemberOf ~ COURSE:CHEM:1060:2008-Fall:.+:Student

    # Allow instructors of Chem 1060 Fall 2008, all sections and labs
    #   require Shibboleth-isMemberOf ~ COURSE:CHEM:1060:2008-Fall:.+:Instructor
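
To check which sessions an ACL like the one above would admit before deploying it, the AND/OR behaviour of `ShibRequireAll` can be modelled in a few lines. This is an added example, not part of the original page and not mod_shib's code: `parse_acl`, `rule_matches` and `evaluate` are hypothetical helpers, the attribute values are constructed, and the regex handling (unanchored search) is an assumption.

```python
import re

def parse_acl(text):
    """Return (require_all, rules); each rule is (attribute, [(is_regex, value), ...])."""
    require_all, rules = False, []
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "shibrequireall":
            require_all = parts[1].lower() == "on"
        elif directive == "require":
            is_regex, values = False, []
            for token in parts[2:]:
                if token == "~":          # "~" marks the values after it as regular expressions
                    is_regex = True
                else:
                    values.append((is_regex, token))
            rules.append((parts[1], values))
    return require_all, rules

def rule_matches(rule, session):
    """session: dict of attribute name -> list of values, or None when nobody is logged in."""
    attribute, values = rule
    if session is None:
        return False
    if attribute.lower() == "valid-user":
        return True
    for held in session.get(attribute, []):
        for is_regex, wanted in values:
            # Assumption: unanchored search; the page does not say how mod_shib anchors patterns.
            if (re.search(wanted, held) if is_regex else wanted == held):
                return True
    return False

def evaluate(acl_text, session):
    """ShibRequireAll On -> every require must match (AND); Off -> any one suffices (OR)."""
    require_all, rules = parse_acl(acl_text)
    results = [rule_matches(rule, session) for rule in rules]
    return all(results) if require_all else any(results)

# Constructed inputs: ACL text copied from the example above, attribute values invented.
WEAK = "AuthType shibboleth\nrequire valid-user\n"
STRICT = ("AuthType shibboleth\nShibRequireAll On\nrequire valid-user\n"
          "require Shibboleth-isMemberOf BROWN:COMMUNITY:ALL\n"
          "require Shibboleth-brownStatus active\n")
COURSE = STRICT + "require Shibboleth-isMemberOf ~ COURSE:CHEM:1060:2008-Fall:.+:Student\n"
OUTSIDER = {"Shibboleth-isMemberOf": ["OTHER:ORG:ALL"]}
STUDENT = {"Shibboleth-isMemberOf": ["BROWN:COMMUNITY:ALL", "COURSE:CHEM:1060:2008-Fall:L01:Student"],
           "Shibboleth-brownStatus": ["active"]}
```

`evaluate(WEAK, OUTSIDER)` is true while `evaluate(STRICT, OUTSIDER)` is false; changing `ShibRequireAll On` to `Off` in `STRICT` admits the outsider again, because `valid-user` alone then satisfies the OR.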
