Apache .htaccess
Please note that authorization may fail in these examples should you restrict access based on attributes your service provider is not receiving. Also, if you choose to use regular expressions, please pay close attention to substring matches and multivalued attributes. You may use regex lines likerequire UFAD_Groups ~ "(^|;)Group1($|;)" to ensure you only match an explicit value in a multivalued attribute.
Example: Require a valid Gatorlink user
AuthType shibboleth ShibRequireSession on require valid-user
Example: Require a specific email address
AuthType shibboleth ShibRequireSession on require mail alberta@ufl.edu
Example: Require a specific Gatorlink
username AuthType shibboleth ShibRequireSession on require glid alberta
Example: User must be a direct member in at least ONE of the UFAD groups below
AuthType shibboleth ShibRequireSession on require UFAD_Groups Group1 require UFAD_Groups Group2
Example: User must be a member of BOTH of the UFAD groups below
AuthType shibboleth ShibRequireSession on require UFAD_Groups Group1 Group2
Example: Only allow staff or faculty
AuthType shibboleth ShibRequireSession on require primary-affiliation ~ STAFF|FACULTY
Example: Ensure Shibboleth CGI environment variables are exposed for application-based authorization logic
AuthType shibboleth ShibRequireSession Off require shibboleth