The order required is:
- Basic Auth - IF
Authorization is in the header
- SAML Auth
- For 2 specific locations, no auth
This is what I have, but it does not seem to work correctly
<Location "/">
AuthType Basic
AuthBasicProvider ldap
...
<If "-z req('Authorization')">
AuthType Mellon
MellonEnable auth
MellonEndpointPath /mellon/
...
</If>
</Location>
<LocationMatch "^/(notifyCommit|shuttingDown)/">
AuthType None
Allow from all
Satisfy any
Require all granted
</LocationMatch>
However, any time I try to access either of the two locations where authentication should not be required (notifyCommit or shuttingDown), I get a 401.
What am I doing wrong here? I am under the impression that Location and LocationMatch are merged together, and the order is top-to-bottom. If this is true, it should evaluate "/" first and see that auth is needed, but then find the location match section, and see that auth is not needed for /notifyCommit/ or /shuttingDown/.
I've gone through a few other related questions and tried a bunch of options, but none seemed to work, including moving the location match before the location section, and SetEnvFf Request_URI ....
EDIT
- For the two locations where authentication is not required, no username or password should be needed. It is basically anonymous access.
- The SAML/Basic auth conditional section seems to be working fine.
