I am running an application in Apache 2.4.
The application is served out of /usr/share/myapp/cgi-bin. Access to this application is restricted to those who have authenticated with Shibboleth. The configuration (so far) looks like this:
DocumentRoot /usr/share/myapp/cgi-bin
<Directory /usr/share/myapp/cgi-bin>
SetHandler cgi-script
AuthType shibboleth
Require valid-user
</Directory>
I want certain users to be able to access the application but have a special environment variable set. So I change the above to this:
DocumentRoot /usr/share/myapp/cgi-bin
ScriptAlias "/impersonate" "/usr/share/myapp/cgi-bin"
<Location /impersonate>
AuthType shibboleth
SetEnv IMPERSONATE_USER johndoe
</Location>
<Directory /usr/share/myapp/cgi-bin>
SetHandler cgi-script
AuthType shibboleth
Require valid-user
</Directory>
This works but how do I restrict access to the /impersonate path only to specific users? I tried the following but it still allowed all users access to /impersonate:
DocumentRoot /usr/share/myapp/cgi-bin
ScriptAlias "/impersonate" "/usr/share/myapp/cgi-bin"
<Location /impersonate>
AuthType shibboleth
SetEnv IMPERSONATE_USER johndoe
<RequireAll>
require user admin
</RequireAll>
</Location>
<Directory /usr/share/myapp/cgi-bin>
SetHandler cgi-script
AuthType shibboleth
Require valid-user
</Directory>
