Comment: Added some additional basic examples.

...

Code Block
xml
xml
titleAllow marketing and management staff, but not staff from engineering
<Host name="www.example.org" authType="shibboleth" requireSession="true">
    <Path name="topsecret">
        <AccessControl>
            <AND>
                <Rule require="employeeType">Staff</Rule>
                <OR>
                    <Rule require="ou">Marketing</Rule>
                    <Rule require="ou">Management</Rule>
                </OR>
                <NOT>
                    <Rule require="ou">Engineering</Rule>
                </NOT>
            </AND>
        </AccessControl>
    </Path>
</Host>
Code Block
xml
xml
titleProtect all content on a host

<Host name="www.example.org" authType="shibboleth" requireSession="true" />
Code Block
xml
xml
titleProtect a single directory on a host

<Host name="www.example.org" authType="shibboleth" requireSession="true">
    <Path name="private-stuff" />
</Host>

Apache-based access control

...

Code Block
titleLet in anyone from an IdP I trust
<Location /notverysecure/>
   AuthType shibboleth
   ShibRequireSession On
   require valid-user 
</Location>
Code Block
titleAnyone with a .org email by regex
<Location /orgpeople/>
   AuthType shibboleth
   ShibRequireSession On
   require mail ~ ^.*@.*.org$
</Location>
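Review bot: The pattern in the last example, `require mail ~ ^.*@.*.org$`, leaves the dot before `org` unescaped, so it matches any character there and admits values that merely end in "org" (constructed sample: `user@examplexorg`). Escaping it gives what the title describes: `require mail ~ ^.*@.*\.org$`. The rule is also only as strong as the trust placed in the `mail` attribute; if the SP accepts `mail` from every IdP without filtering, any of them can assert a matching address, which the example should say in a sentence. Separately, the "Protect a single directory on a host" example sets `authType` and `requireSession="true"` on `<Host>`; as far as I can tell these settings are inherited by everything under the host, so the example protects the whole site just like the one before it. Moving the two attributes onto `<Path name="private-stuff" ...>` would match the title.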