...
shib-plugin
(Apache 2.4 and Later ORShibCompatWith24
)- Enables the use of XML Access Control rules for access control. The single parameter is the path to an access control configuration file. The plug-in is loaded on every request, which allows on-the-fly changes of access control rules (though is less efficient if large rulesets are used). This is equivalent to the older
ShibAccessControl
option and can be enabled for use with older Apache versions using theShibCompatWith24
option.
- Enables the use of XML Access Control rules for access control. The single parameter is the path to an access control configuration file. The plug-in is loaded on every request, which allows on-the-fly changes of access control rules (though is less efficient if large rulesets are used). This is equivalent to the older
shib-attr
(Apache 2.4 and Later ORShibCompatWith24
)- The Apache 2.4 authorization API does not allow for "extensible" rule types within a single module, so to accomodate rules based on attributes, a new rule type is used. The first parameter to the rule specifies the attribute ID to check, and the rest of the parameters are used as values to check for. This rule type can be enabled for use with older Apache versions using the
ShibCompatWith24
option. Note that for literal comparisons, the case sensitivity of the match is dependent on thecaseSensitive
property applied when the attribute is decoded.
- The Apache 2.4 authorization API does not allow for "extensible" rule types within a single module, so to accomodate rules based on attributes, a new rule type is used. The first parameter to the rule specifies the attribute ID to check, and the rest of the parameters are used as values to check for. This rule type can be enabled for use with older Apache versions using the
- any string value (Apache 2.2 and Earlier, Deprecated)
- Prior to Apache 2.4, any other rule type is matched against the set of attribute ID values available in the session associated with the request, and the value(s) of the corresponding attribute(s) are compared to the rest of the rule parameters. Note that for literal comparisons, the case sensitivity of the match is dependent on the
caseSensitive
property applied when the attribute is decoded. A future version of the SP may remove this feature and such rules should be changed to rely onshib-attr
.
- Prior to Apache 2.4, any other rule type is matched against the set of attribute ID values available in the session associated with the request, and the value(s) of the corresponding attribute(s) are compared to the rest of the rule parameters. Note that for literal comparisons, the case sensitivity of the match is dependent on the
...
Code Block | ||
---|---|---|
| ||
# Direct comparison Require shib-attr affiliation student@osu.edu student@psu.edu # Using an expression Require shib-attr affiliation ~ ^student@(osu|psu)\.edu$ |
...