Shibboleth

Skip to end of metadata
Go to start of metadata

What is Shibboleth?

WebAuth is a web site protection application that allows you to restrict access to your web pages. You can decide who sees your pages: only members of the Brown Community, or specific individuals. Users log in with their username and password to gain access to restricted sites.

How do I use Shibboleth?

If you want to restrict your entire web site (Not Recommended), simply upload an .htaccess file into the top level directory. To create a .htaccess file, you can use a tool that has been created for this purpose. The tool simply asks for you to fill in the type of restriction you would like, and will return to you the text to use.

Copy the text into a plain file, save the file as ".htaccess". Don't forget the dot in the front and make sure no other extension gets put on the file. (It's not a .txt file)  The entire name of the file should be ".htaccess" (without the quotes). Then, upload the file to your top level directory, and test.

Restricting an entire web site is not recommended as response times could be dramatically slowed. Put only files that contain protected information behind Shibboleth. For example, if your web page has images or pictures that don't need to be protected, put them in an unrestricted directory. If all html files need to be restricted, but the pages use images, pictures, includes, or style sheets that are not protected, set up two directories, one for protected items and the other for unprotected. This will help speed your page response times.

If you only want to restrict access to a few pages, create a new subdirectory on the web server, put the pages to be restricted and the .htaccess file in this directory.

Use .htaccess Tool

What different ways can I restrict access to my pages?

One way is to restrict your pages to only members of the Brown community (i.e., anyone with a valid username and password). To do that, simply check the "Restrict access to the greater Brown community" box in the htaccess Tool, leave everything else as is, and click the Generate .htaccess file button.

Another way is to specify the usernames, DNS, or IP address of the individuals who should have access to your pages. Put these usernames into the text area in the form (usernames should either be separated from one another by spaces, or one on each line, whatever is easier for you), check the box associated with that field, and click the Generate .htaccess file button.

You can also restrict access to specific groups, such as class year, all undergraduates, all graduate students or a combination of these. Here are the groups that you would use in your .htaccess file:

Category Group Name Definition Approx #
Students      
  BROWN.COMMUNITY.STUDENT.ALL All undergraduate + graduate + medical students 8,870
  BROWN.COMMUNITY.STUDENT.UNDERGRADUATE.ALL All active 1st, 2nd, 3rd and 4th year students 6,460
  BROWN.COMMUNITY.STUDENT.UNDERGRADUATE.FRESHMAN All active undergrads, semesters 0, 1 & 2 1,530
  BROWN.COMMUNITY.STUDENT.UNDERGRADUATE.SOPHOMORE All active undergrads, semesters 3 & 4 1,570
  BROWN.COMMUNITY.STUDENT.UNDERGRADUATE.JUNIOR All active undergrads, semesters 5 & 6 1,580
  BROWN.COMMUNITY.STUDENT.UNDERGRADUATE.SENIOR All active undergrads, semesters 7 & up 1,610
  BROWN.COMMUNITY.STUDENT.GRADUATE.ALL All graduate students 1,940
  BROWN.COMMUNITY.STUDENT.MEDICAL.ALL All active medical students 490
Faculty      
  BROWN.COMMUNITY.EMPLOYEE.FACULTY.ALL Campus faculty:  Includes active faculty, those exempt staff with faculty appointments, post-doctoral fellows, research house staff officers, and faculty emeritus 2,200
  BROWN.COMMUNITY.EMPLOYEE.MEDICAL.BASE Hospital-based faculty: All active medical faculty, but does NOT include clinical voluntary, research house staff officers, post-doctoral or emeritus 1,270
  BROWN.COMMUNITY.EMPLOYEE.MEDICAL.ALL Hospital-based faculty: All active medical faculty PLUS clinical voluntary, research house staff officers, post-doctoral or emeritus 3,290
  BROWN.COMMUNITY.EMPLOYEE.FACULTY.ONCAMPUS_MEDICAL BROWN.COMMUNITY.EMPLOYEE.FACULTY.ALL + BROWN.COMMUNITY.EMPLOYEE.MEDICAL.ALL 3,490
Staff      
  BROWN.COMMUNITY.EMPLOYEE.STAFF.ALL Includes all employees (exempt, non-exempt, union, limited duration) EXCEPT for faculty, medical and student 2,870

(Note: This is slightly advanced and you'd need to know the format of what an .htaccess file needs to contain)

What happens after I submit the .htaccess form?

Once you have submitted your form from the .htaccess tool, you will then be taken to a web page that has the exact contents of your .htaccess file in it. You simply need to copy that text, paste it into a plain text file, save it as .htaccess, and upload it using an SFTP client. (More specific instructions are available on that page.)

Use the .htaccess Tool

Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.