While personal sites on www.asc.ohio-state.edu can use Apache's authentication to control site access, it is also possible to utilize Shibboleth for this purpose. This is preferable, and in many ways more straightforward, than managing local accounts with .htpasswd files.
Usage
For sites that are under the www.asc.ohio-state.edu domain (e.g., www.asc.ohio-state.edu/smith.1), Shibboleth is already configured and available for use right away. For those using custom domain names for a configured virtual host, you will need to submit a ticket to asc-www@osu.edu to have that domain name registered with Shibboleth.
To protect a directory with Shibboleth, place an .htaccess file in it that starts with the following two lines:
AuthType Shibboleth
ShibRequestSetting requireSession true
The subsequent settings depend on who you want to have access to the site. To explicitly limit access to one or more specific users, use the require shib-user
directive:
AuthType Shibboleth
ShibRequestSetting requireSession true
Require shib-user foo.1 bar.2
Require shib-user spam.3
This will allow only the users foo.1, bar.2, and spam.3 to view the site.
To limit access to accounts with certain OSU affiliations, the shib-attr affiliation
rule can be applied:
AuthType Shibboleth
ShibRequestSetting requireSession true
Require shib-attr affiliation employee@osu.edu staff@osu.edu
Further Reading
Shibboleth's documentation is extensive and frequently updated. For information specific to .htaccess usage, please refer to the appropriate wiki page. Another useful page is their list of shib-attr's, available here.