Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added warning on ShibAccessControl



With SP V2.4.0, in order to use the ShibAccessControl command, you MUST explicitly set ShibRequireAll On. Otherwise, the access policy you set will have no effect because whatever Require rule you use will take over anyway, usually granting access. This was fixed in 2.4.1 and later releases.

With Apache 2.4+ the ShibAccessControl command is not supported anymore. Instead use require shib-plugin path as is described on NativeSPhtaccess.

Version 2.4.3 and Above

  • ShibExpireRedirects On|Off
    • Defaults to "On". Addresses issues with some browsers, notably Firefox 5+, that cause redirects generated by the SP to be cached, resulting in various errors following the login process. This usually manifests as a message replay error at the IdP, caused by the original redirect to the IdP being replayed. This option is enabled by default, but the older behavior can be restored, causing the cache-related headers on redirects to be governed by standard Apache settings.