This space contains the old OpenAthens SP documentation and is no longer maintained.
OpenAthens SP software is already out of support and will reach end of life in May 2020.

Check out OpenAthens Keystone instead. It's supercool and makes dealing with SAML much easier.

Search

Skip to end of metadata
Go to start of metadata

You can optionally restrict access via vhosts before the user gets to your application. Examples will use a static file, but these can also be configured with variables.

  # Example protected location
  <Location /var/www/mydomain.com/protected/>
    AuthType OpenAthens
    require valid-user
  </Location>

The directives and match types you can use are:

require valid-user

Syntax: require valid-user

Default: There is no default.

Scope: May only be present inside <Directory>, <Location>, and <Files> containers in the server .conf files, and in .htaccess files.

This directive has the same meaning as it does with other Apache access control modules. It grants access to all valid users, which effectively implies that no additional authorisation is performed. This directive does not have any meaning if combined with other require clauses so is typically only used alone.

require env-var

Syntax: require env-var:env_var_name[|[!]match_type] value [value] [value] [...]

Default: There is no default.

Scope: May only be present inside <Directory>, <Location>, and <Files> containers in the server .conf files, and in .htaccess files.

This directive restricts access based on a particular attribute, mapped to an environment variable. The name of the environment variable is specified after the env-var string, separated by a colon. Attributes with multiple values will be evaluated such that if at least one value matches at least one value given in this directive, then the condition is met.

require user

Syntax: require user[|[!]match_type] user_id [user_id] [user_id] [...]

Default: There is no default.

Scope: May only be present inside <Directory>, <Location>, and <Files> containers in the server .conf files, and in .htaccess files.

This directive has the same meaning as it does with other Apache access control modules. It grants access to only those users with a user id listed in the directive, but is unlikely to be used as you are likely dealing with a great many end-users.

Match types

  
 MatchPerforms a case-sensitive string match.
 CaseMatchPerforms a case-insensitive string match.
 StartsWithChecks whether a value starts with the string given in the clause. Case-sensitive.
 EndsWith

 Checks whether a value ends with the string given in the clause. Case-sensitive.

 LikeMatches a value against a given pattern. Similar to LIKE in SQL.
 RegexPerforms a regular expression match, where the value given may be a Perl-compatible Regular Expression.

 

The pattern may contain any string character, but the following characters have special meanings:

_      matches any character, exactly once.

%      matches any character(s), zero or more times

The _ or % characters may be matched literally, by escaping them with a backslash.

Additionally, a ! operator can be used to negate the outcome of the clause to which the match type is applied to allow for exception conditions.

  • No labels