How do accept multiple authentication options in Apache?

I want to protect a path in my VirtualHost but allow users a variety of authentication options (e.g. mod-auth-cas, mod-auth-openid and mod-auth-digest.) How do I set up the virtual host definition to allow multiple auth-types for the same location?

Solution 1:

The problem with multiple authentication types is they tend to have irreconcilable protocols. You can try the technique shown in the Shibboleth documentation, where you put everything in a subdirectory, create a symlink to that directory for each authentication type you want to support, then configure each symlink location for a different authentication type.

<Location /basic>
    AuthType Basic
    AuthUserFile /path/to/.htpasswd
    require valid-user
</Location>
<Location /cas>
    AuthType CAS
    require valid-user
</Location>
<Location /openid>
    AuthOpenIDEnabled On
    require valid-user
</Location>

Solution 2:

i had the almost same situation, solved like the following:

at server config level, in the apache2.conf (assuming Debian based distros)

<AuthnProviderAlias method1 auth1_name  >
# config options
# ...
</AuthnProviderAlias>

<AuthnProviderAlias method2 auth2_name  >
# config options
# ...
</AuthnProviderAlias>

in the Virtual Host specific conf file:

<VirtualHost *>
# config options
# ...

<Location /your_location>
# config options
AuthBasicProvider auth1_name auth2_name
# other needed config options
# ...
</Location>
</VirtualHost>

in this way you can use different authorization/authentication methods with different names in the same Location directive for differnt VirtualHosts

more details of my solution in a short blog post: link text

HTH, ciao :) Gianluca

Solution 3:

Have you tried "Satisfy Any" ?