Versions Compared

Old Version 8

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tip

Apache Use

If you're using Apache, you should use the native ShibRequestSetting Apache command, as it's much safer, and more natural to use. If you want to use the XML syntax instead, you need to turn on the UseCanonicalName Apache option to avoid security holes. Without that option, the client can supply an arbitrary hostname that will be passed into the SP and used to map settings, which obviously subverts any rules you create.

...

Each portion is then matched against the elements inside the <RequestMap> in order to locate the "deepest" (most-specific) matching element, which is then used to derive the content settings to apply to the request.

...