...

A more complete syntax reference for this mechanism can be found in the RequestMap topic. This topic outlines how to use it, shows some examples, and notes some potential mistakes.

Tip: Apache Use

If you're using Apache, you should use the native ShibRequestSetting Apache command, as it's much safer and more natural to use. If you want to use the XML syntax instead, you need to turn on the UseCanonicalName Apache option to avoid security holes. Without that option, the client can supply an arbitrary hostname that will be passed into the SP and used to map settings, which obviously subverts any rules you create.

General Structure

The XML-based syntax operates against the logical URL requested by the client, and not the physical path or file accessed. This is analogous to the difference between the Apache <Location> and <Directory>/<Files> directives.

...

Assuming that the web server is appropriately configured, the table below shows which element (labelled in the XML comments above as A-G) each input URL will map to.

| Request URL | Maps to... | Notes |
|---|---|---|
| https://internal.example.org/anything | G | |
| http://internal.example.org/anything | A | the scheme is http, not https. |
| http://sp.example.org/stuff | B | the path portion doesn't match |
| https://sp.example.org/secure/anything | C | |
| https://sp.example.org/admin/stuff | D | |
| https://sp.example.org/admin/secure/anything | E | |
| https://sp.example.org/combined/stuff | B | the path portion doesn't match |
| https://sp.example.org/combined/path/anything | F | |


General Tips

Note in the example above that none of the <Path> elements contain leading or trailing slash characters. Such characters will be stripped from the configuration and ignored, so they are insignificant.
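A simplified Python model of the mapping rules, added here as an illustration and not the SP's own code. The map is constructed to agree with the table on this page (the page's XML is not reproduced), and all function names are hypothetical. It covers the slash stripping noted above and shows why the Apache tip matters: with UseCanonicalName off, a hostname chosen by the client that is not in the map falls through to the default element A instead of C.

```python
# Constructed map, consistent with the table on this page (labels A-G).
# "/secure/" is written with slashes on purpose: they are stripped and ignored.
REQUEST_MAP = {
    "default": "A",
    "hosts": [
        {"name": "sp.example.org", "scheme": None, "label": "B",
         "paths": {"/secure/": "C", "admin": "D", "admin/secure": "E",
                   "combined/path": "F"}},
        {"name": "internal.example.org", "scheme": "https", "label": "G",
         "paths": {}},
    ],
}

def segments(path):
    """Split a path into segments; leading/trailing slashes are insignificant."""
    return tuple(s for s in path.split("/") if s)

def map_request(scheme, host, path):
    """Return the label of the element whose settings apply to the logical URL."""
    for h in REQUEST_MAP["hosts"]:
        if h["name"] != host.lower():
            continue
        if h["scheme"] not in (None, scheme):  # a scheme restriction must match
            continue
        req = segments(path)
        best, best_len = h["label"], 0
        for name, label in h["paths"].items():
            want = segments(name)
            # The longest configured path that prefixes the request wins.
            if len(want) > best_len and req[:len(want)] == want:
                best, best_len = label, len(want)
        return best
    return REQUEST_MAP["default"]  # no host matched: top-level settings

def effective_host(host_header, server_name, use_canonical_name):
    """Hostname the web server hands to the SP (simplified Apache behaviour)."""
    if use_canonical_name or not host_header:
        return server_name
    return host_header  # client-controlled when UseCanonicalName is off

def demo():
    # Constructed request: same path, Host header not present in the map.
    spoofed, path = "unlisted.example.net", "/secure/anything"
    off = map_request("https", effective_host(spoofed, "sp.example.org", False), path)
    on = map_request("https", effective_host(spoofed, "sp.example.org", True), path)
    return off, on

if __name__ == "__main__":
    print(demo())
```
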

...