Carnegie Mellon University Website Home Page
 

Restricting Web Page Access

If your web service uses Web Login for authentication, web server administrators can use the following method to restrict access based on Carnegie Mellon groups:

Services Using Web Login (Recommended)

Web services that have adopted Shibboleth-based, Web Login are eligible for improved methods of extracting information for authentication.  Your web service can be provisioned in a way to pull group, real name or other information for which you are entitled with no need to access the mod_ldapauthz module. For help with configuration, refer to the Shibboleth Authentication document.

mod_ldapauthz

Web Login based services can use the mod_ldapauthz module to restrict access based on Carnegie Mellon groups; for help, refer to Configuring the mod_ldapauthz Module. If your service is already configured for mod_ldapauthz, but you are now authenticating through Web Login, mod_ldapauthz will continue to work; however, keep in mind that your service would be eligible for additional authentication capabilities if you use the Web Login/Shibboleth configuration steps (see above).

Last Updated: 8/29/13