Protecting web pages with SSO

From CT Wiki
(Difference between revisions)
Jump to: navigation, search
(Created page with "Web pages that contain confidential or privacy-sensitive content must be protected, and must be accessible only for those that need access to the information. The most conveni...")

Revision as of 16:16, 5 November 2019

Web pages that contain confidential or privacy-sensitive content must be protected, and must be accessible only for those that need access to the information. The most convenient way to restricting access, e.g. to only Nikhef internal users, is to use the single-signon (SSO) system of Nikhef on your own pages. When you enable SSO on your web pages, Nikhef users can login using their usual username and password - without you as the web page owner having to manage credentials.

Enabling SSO on your web directory

SSO can be enabled through the ".htaccess" mechanism: adding a file called ".htaccess" to the directory you need to protect. It will apply to this directory and all subordinate directories.

Add the following to this .htaccess file:

AuthType shibboleth
ShibCompatWith24 On
ShibRedirectToSSL 443
ShibRequestSetting requireSession 1
Require shib-session
Require valid-user

to allow Nikhef users (all of them that are active) access to the information.

Views
Personal tools