Apache Config - Exclude Location from Authentication
I have a web application that is being protected by a Shibboleth authentication module. My current config is as below
<Location /MyApp>
AuthType shibboleth
ShibUseHeaders On
ShibRequestSetting requireSession 1
require shibboleth
</Location>
The shibboleth is an authentication module that provides SSO capability and the current flow directs the user to an Identity Provider for the user to enter the login credentials. I want to be able to open up a specific URL so that the URL gets bypassed by the authentication module. I tried the below but it doesn't seem to work and I get a blank page on loading the URL
Method 1
<Location /MyApp/Login.html>
Satisfy Any
Allow from all
AuthType None
Require all granted
</Location>
Method 2
<Location /MyApp/Login.html>
AuthType shibboleth
ShibRequestSetting requireSession 0
require shibboleth
</Location>
I did some additional debugging and it appears that the problem is with additional files the Login.html loads - such as css, js etc. What is the correct way to configure this in Apache so that the Login.html can be bypassed from the authentication
Thanks
Answer
My comment towards the end regarding the exclusion of additional files being loaded by Login.html ended up being correct. I used the following format to exclude the files that were being loaded by the html file
<Location ~ "/MyApp/(Login.html|SessionTimeout.html|accessDenied.html|/badRequest.html|status|css/*|login/*|images/*|style/*|js/*|javascript/*|)">
Satisfy Any
Allow from all
AuthType None
Require all granted
</Location>