I want to protect a path in my VirtualHost but allow users a variety of authentication options (e.g. mod-auth-cas, mod-auth-openid and mod-auth-digest.) How do I set up the virtual host definition to allow multiple auth-types for the same location?
Asked
Active
Viewed 2.0k times
7
James A. Rosen
- 511
4 Answers
6
The problem with multiple authentication types is they tend to have irreconcilable protocols. You can try the technique shown in the Shibboleth documentation, where you put everything in a subdirectory, create a symlink to that directory for each authentication type you want to support, then configure each symlink location for a different authentication type.
<Location /basic>
AuthType Basic
AuthUserFile /path/to/.htpasswd
require valid-user
</Location>
<Location /cas>
AuthType CAS
require valid-user
</Location>
<Location /openid>
AuthOpenIDEnabled On
require valid-user
</Location>
outis
- 1,118
5
i had the almost same situation, solved like the following:
at server config level, in the apache2.conf (assuming Debian based distros)
<AuthnProviderAlias method1 auth1_name >
# config options
# ...
</AuthnProviderAlias>
<AuthnProviderAlias method2 auth2_name >
# config options
# ...
</AuthnProviderAlias>
in the Virtual Host specific conf file:
<VirtualHost *>
# config options
# ...
<Location /your_location>
# config options
AuthBasicProvider auth1_name auth2_name
# other needed config options
# ...
</Location>
</VirtualHost>
in this way you can use different authorization/authentication methods with different names in the same Location directive for differnt VirtualHosts
more details of my solution in a short blog post: link text
HTH, ciao :) Gianluca
2
Another solution is to differentiate authentication based on the content of the HTTP header with clause:
<If "%{HTTP:Authorization} =~ /^Basic/">
AuthType Basic
AuthUserFile /path/to/.htpasswd
Require valid-user
</If>
<Elseif "%{HTTP:Authorization} =~ /^Bearer/">
AuthOpenIDEnabled On
Require valid-user
</Elseif>
<Else>
AuthType CAS
Require valid-user
</Else>
Nicolas Forney
- 121
