Using Shibboleth

Using Shibboleth

Department users can use Shibboleth authentication to control access to material on the web to the Duke community based on their Duke NetID. Shibboleth is now the preferred method for web-based NetID authentication, replacing the older webauth.

Setting up a basic Shibboleth page is very simple and can be done using .htaccess files. In the directory requiring authentication, create an .htaccess file with the following contents:

	AuthType shibboleth
	ShibRequireSession On
	Require user fred@duke.edu jrt34@duke.edu mary@duke.edu

This file will grant access only to users whose Duke NetIDs are fred, jrt34, or mary. Note that the user must be specficied as NetID@duke.edu to work properly.

If you wish to allow access to any valid Duke user, change the last line as shown in this example:

	AuthType shibboleth
	ShibRequireSession On
	Require valid-user

For users who wish to provide more detailed access, Shibboleth will return several variable in the SERVER array, which can be accessed by web applications. To see a list of these variables, you can authenticate with this example page. If you have any questions about how to implement this, please contact the Lab Staff for more details.