Use the steps below to enable Single Sign-On for your site on host.dartmouth.edu. The .htaccess file can also be modified via ssh connection to your site. More information on configuring ssh access can be found here.
Step-by-Step
-
Log in to host.dartmouth.edu and select Dashboard from the top right of the window.
-
Select Domains and toggle on the Force HTTPS Redirect for your site if it has not already been turned on.
-
Navigate back to the Dashboard and select File Manager.
-
Click the top-right Settings button.
-
In the window that appears, check the Show Hidden Files (dotfiles) option and click Save.
-
Navigate to /public_html and look for an .htaccess file. If it is not already there, click the "+ File" button in the top left and name it .htaccess.
-
If .htaccess already exists, it is recommended that you duplicate or back up its contents in case you need to revert changes.
-
Right-click or Control-Click the .htaccess file and select Edit. In the window that appears, click the Edit button. At the beginning of the file, add the following lines:
AuthType shibboleth
ShibRequestSetting requireSession true
To allow any user with a valid Dartmouth netID to sign in, add:
require shib-session
To allow users based on primary affiliation (faculty, student, staff):
require shib-attr affiliation [affiliation]@dartmouth.edu
Example for allowing only staff OR faculty:
require shib-attr affiliation staff@dartmouth.edu
require shib-attr affiliation faculty@dartmouth.edu
To allow a specific user:
require shib-user [netid]@dartmouth.edu
For multiple users:
require shib-user [netid1]@dartmouth.edu [netid2]@dartmouth.edu [netid3]@dartmouth.edu
To require multiple rules to be matched, you must combine the rules in a RequireAll block:
<RequireAll>
require shib-attr affiliation student@dartmouth.edu
require shib-attr affiliation staff@dartmouth.edu
</RequireAll>
After making the desired changes, save the file and test the configuration.
External Resources
Shibboleth htaccess Documentation