Versions Compared

Comment: 'Require Shibboleth' causes 'Unknown Authz provider', so changed to 'Require shibboleth'

...

There are a handful of global options that apply to the module's overall configuration and are usually left out in favor of the values generated at compile time. They also correspond to a number of environment variables that can be used in place of commands. They are generally needed only when the software is run out of a different directory from the build path.

ShibPrefix

Corresponds to SHIBSP_PREFIX variable.

ShibConfig

Corresponds to SHIBSP_CONFIG variable.

ShibCatalogs

Corresponds to SHIBSP_SCHEMAS variable.

Server / VirtualHost Options

An option is available for use on Apache 1.3 and early versions of 2.0 that don't support scheme virtualization (running a non-SSL virtual host behind an SSL load balancer or concentrator).

ShibURLScheme

Controls the URL scheme Apache will report to modules; it should reflect the logical value seen by clients from outside your network.

Version 2.5.2 and Above

ShibCompatValidUser On|Off

Default is Off, matching older behavior. Addresses a conflict when using Shibboleth in conjunction with other auth/auth modules by restoring "standard" behavior when processing the "valid-user" and "user" Require rules. See the NativeSPhtaccess topic for more detail.

AuthConfig Options

The rest of the options supported by the module are what Apache calls "AuthConfig" options. This means they are meant to appear inside Apache content-control sections like <Directory>, <Files>, or <Location>, or in .htaccess files (if the "AuthConfig" override is enabled).

...

Exclude a directory from authentication:
<Location /public>
 AuthType Shibboleth
 ShibRequestSetting requireSession false
 Require Shibbolethshibboleth
 </Location>
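
Review bot: on the Require line of the /public example, only the Require argument is lowercased, while "AuthType Shibboleth" directly above it keeps the capital S. Since the change comment says the capitalized form fails with 'Unknown Authz provider', the page should say next to this example that the name after Require has to be written in lowercase, and state whether AuthType is affected, so readers do not "correct" one line to match the other. Any other "Require Shibboleth" occurrences elsewhere on the page should be checked for the same change.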

Another common trick is to enable the module across an entire server or at least virtual host, but leave specific rules for authentication and access to commands in other places. This introduces a bit of inefficiency, but does simplify the rest of your configuration:

...