Apache Config - Exclude Location from Authentication

apache authentication location single-sign-on shibboleth
11,319

Solution 1

My comment towards the end regarding the exclusion of additional files being loaded by Login.html ended up being correct. I used the following format to exclude the files that were being loaded by the html file

<Location ~ "/MyApp/(Login.html|SessionTimeout.html|accessDenied.html|/badRequest.html|status|css/*|login/*|images/*|style/*|js/*|javascript/*|)">   
  Satisfy Any   
  Allow from all   
  AuthType None   
  Require all granted   
</Location>

Solution 2

When using Apache 2.4 instead of 2.2, in order to exclude "/server-status", the following was enough:

<LocationMatch "^(?!/server-status)">
    AuthType Basic
    AuthUserFile /etc/apache2/.htpasswd
    <RequireAll>
        Require ssl
        Require user valid_user_name
    </RequireAll>
</LocationMatch>

Analyzing:

  • <LocationMatch "regex"> is equivalent to <Location ~ "regex">.
  • The regex used, is pcre (perl compatible regular expressions).
  • ^(?!/server-status) means:
Share:
11,319
mekatoka
Author by

mekatoka

Updated on July 20, 2022

Comments

  • mekatoka
    mekatoka almost 2 years

    I have a web application that is being protected by a Shibboleth authentication module. My current config is as below

    <Location /MyApp>
 AuthType shibboleth
 ShibUseHeaders On
 ShibRequestSetting requireSession 1
 require shibboleth
</Location>

    The shibboleth is an authentication module that provides SSO capability and the current flow directs the user to an Identity Provider for the user to enter the login credentials. I want to be able to open up a specific URL so that the URL gets bypassed by the authentication module. I tried the below but it doesn't seem to work and I get a blank page on loading the URL

    Method 1

    <Location /MyApp/Login.html>
  Satisfy Any
  Allow from all
  AuthType None
  Require all granted
</Location>

    Method 2

    <Location /MyApp/Login.html>
  AuthType shibboleth
  ShibRequestSetting requireSession 0
  require shibboleth
</Location>

    I did some additional debugging and it appears that the problem is with additional files the Login.html loads - such as css, js etc. What is the correct way to configure this in Apache so that the Login.html can be bypassed from the authentication

    Thanks

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Purpose of the x509 certificate in metadata files on the IdP side (SSO structure)
Forward REMOTE_USER to tomcat via AJP (e.g. for shibboleth)
Sample cypress script to bypass SSO
How to integrate Azure AD SSO in flutter app
LDAP Authentication on Windows
Apache/2.4.7 (Ubuntu) AH01630: client denied by server configuration despite "Require all granted"
Apache 2.4.37 with openssl 1.1.1: cannot perform post-handshake authentication
Single Sign On with apache on windows 7 and mod_auth_sspi
NTLM authentication on Apache 2.4 with mod_authnz_sspi
SAML 2.0 SSO for Ruby on Rails?