Page Comparison

...

• shib-plugin (Apache 2.4 and Later OR ShibCompatWith24)
  
  • Enables the use of XML Access Control rules for access control. The single parameter is the path to an access control configuration file. The plug-in is loaded on every request, which allows on-the-fly changes of access control rules (though is less efficient if large rulesets are used). This is equivalent to the older ShibAccessControl option and can be enabled for use with older Apache versions using the ShibCompatWith24 option.
• shib-attr (Apache 2.4 and Later OR ShibCompatWith24)
  
  • The Apache 2.4 authorization API does not allow for "extensible" rule types within a single module, so to accomodate rules based on attributes, a new rule type is used. The first parameter to the rule specifies the attribute ID to check, and the rest of the parameters are used as values to check for. This rule type can be enabled for use with older Apache versions using the ShibCompatWith24 option. Note that for literal comparisons, the case sensitivity of the match is dependent on the caseSensitive property applied when the attribute is decoded.
• any string value (Apache 2.2 and Earlier, Deprecated)
  
  • Prior to Apache 2.4, any other rule type is matched against the set of attribute ID values available in the session associated with the request, and the value(s) of the corresponding attribute(s) are compared to the rest of the rule parameters. Note that for literal comparisons, the case sensitivity of the match is dependent on the caseSensitive property applied when the attribute is decoded. A future version of the SP may remove this feature and such rules should be changed to rely on shib-attr.

...

# Direct comparison
Require shib-attr affiliation student@osu.edu student@psu.edu

# Using an expression
Require shib-attr affiliation ~ ^student@(osu|psu)\.edu$

...