...
A more complete syntax reference to using this mechanism can be found in the RequestMap topic. This topic will outline how to use it, show some examples, and note some potential mistakes.
Tip | |
---|---|
title | Apache UseIf you're using Apache, you should use the native ShibRequestSetting Apache command, as it's much safer, and more natural to use. If you want to use the XML syntax instead, you need to turn on the |
Table of Contents |
---|
General Structure
The XML-based syntax operates against the logical URL requested by the client, and not the physical path or file accessed. This is analagous to the difference between the Apache <Location>
and <Directory>/<Files>
distinction.
...
Each portion is then matched against the elements inside the <RequestMap> in order to locate the "deepest" (most-specific) matching element, which is then used to derive the content settings to apply to the request.
...
Assuming that the web server is appropriately configured, the table below shows which element (labelled in the XML comments above as A-G) each input URL will map to.
Request URL | Maps to... | Notes |
---|---|---|
https://internal.example.org/anything | G | |
http://internal.example.org/anything | A | the scheme is http, not https. |
http://sp.example.org/stuff | B | the path portion doesn't match |
https://sp.example.org/secure/anything | C | |
https://sp.example.org/admin/stuff | D | |
https://sp.example.org/admin/secure/anything | E | |
https://sp.example.org/combined/stuff | B | the path portion doesn't match |
https://sp.example.org/combined/path/anything | F |
General Tips
Note in the example above that none of the <Path> elements contain leading or trailing slash characters. Such characters will be stripped from the configuration and ignored, so they are insignificant.
Also note the element with a single slash labeled with a warning. An empty pathname will be ignored, and does NOT mean "anything on the parent host". Rather, the <Host> element is applied by default to any paths that don't match a child element. You don't need to specify an empty child path, in other words, to match an entire host.
However, it is allowable to include a slash inside a path expression in order to "shortcut" an expression intended to match only a subpath. This is shown in the example. It is equivalent to expand such an expression out into a set of nested <Path> elements representing the URL tree. Embedding the slash is just a shorthand.
...