Apache .htaccess

Please note that authorization may fail in these examples if you restrict access based on attributes your service provider is not receiving. Also, if you choose to use regular expressions, please pay close attention to substring matches and multivalued attributes. You may use regex lines like require UFAD_Groups ~ "(^|;)Group1($|;)" to ensure you only match an explicit value in a multivalued attribute.
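
The substring pitfall described above, as an added example that is not part of the original page: a small Python check that compares an unanchored pattern with the anchored one on constructed group lists. It assumes the attribute's values are joined with ";" into one string, the delimiter the anchored pattern allows for; the user labels and group lists are constructed.

```python
import re

# Patterns as they would appear after "~" in a require line.
UNANCHORED = r"Group1"            # plain substring match
ANCHORED = r"(^|;)Group1($|;)"    # pattern from the note above


def rule_matches(pattern, values):
    """Return True if the pattern matches the attribute.

    Assumption: the values are joined with ';' into a single string,
    which is the delimiter the anchored pattern accounts for.
    """
    joined = ";".join(values)
    return re.search(pattern, joined) is not None


def audit(pattern, wanted, cases):
    """List the users whose decision differs from exact membership in `wanted`."""
    return [name for name, values in cases.items()
            if rule_matches(pattern, values) != (wanted in values)]


# Constructed sample users (not real accounts or groups).
CASES = {
    "exact_only": ["Group1"],
    "exact_first": ["Group1", "Staff"],
    "exact_middle": ["Staff", "Group1", "Other"],
    "exact_last": ["Staff", "Group1"],
    "prefix_lookalike": ["Group10"],
    "suffix_lookalike": ["Staff", "NotGroup1"],
    "no_groups": [],
    "unrelated": ["Group2"],
}

if __name__ == "__main__":
    for label, pat in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        print(label, "wrongly decided:", audit(pat, "Group1", CASES))
```

Running the same audit against your own group names before deploying a regex rule shows whether any similarly named group would be granted access.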

Example: Require a valid Gatorlink user

AuthType shibboleth
ShibRequireSession on
require valid-user

Example: Require a specific email address

AuthType shibboleth
ShibRequireSession on
require mail alberta@ufl.edu

Example: Require a specific Gatorlink username

AuthType shibboleth
ShibRequireSession on
require glid alberta

Example: User must be a direct member in at least ONE of the UFAD groups below

AuthType shibboleth
ShibRequireSession on
require UFAD_Groups Group1
require UFAD_Groups Group2

Example: User must be a member of BOTH of the UFAD groups below

AuthType shibboleth
ShibRequireSession on
require UFAD_Groups Group1 Group2

Example: Only allow staff or faculty

AuthType shibboleth
ShibRequireSession on
require primary-affiliation ~ STAFF|FACULTY

Example: Ensure Shibboleth CGI environment variables are exposed for application-based authorization logic

AuthType shibboleth
ShibRequireSession Off
require shibboleth