Configuring Single Sign-On (SSO) for Sites on

Use the steps below to enable Single Sign-On for your site on The .htaccess file can also be modified via ssh connection to your site. More information on configuring ssh access can be found here.


  1. Log in to and select Dashboard from the top right of the window.

  2. Select Domains and toggle on the Force HTTPS Redirect for your site if it has not already been turned on.

  3. Navigate back to the Dashboard and select File Manager.

  4. Click the top-right Settings button.

  5. In the window that appears, check the Show Hidden Files (dotfiles) option and click Save.

  6. Navigate to /public_html and look for an .htaccess file. If it is not already there, click the "+ File" button in the top left and name it .htaccess.

  7. If .htaccess already exists, it is recommended that you duplicate or back up its contents in case you need to revert changes.

  8. Right-click or Control-Click the .htaccess file and select Edit. In the window that appears, click the Edit button. At the beginning of the file, add the following lines:

AuthType shibboleth
ShibRequestSetting requireSession true

To allow any user with a valid Dartmouth netID to sign in, add:

require shib-session

To allow users based on primary affiliation (faculty, student, staff):

require shib-attr affiliation [affiliation]

Example for allowing only staff OR faculty:

require shib-attr affiliation 
require shib-attr affiliation 

To allow a specific user:

require shib-user [netid]
For multiple users:
require shib-user [netid1] [netid2] [netid3]

To require multiple rules to be matched, you must combine the rules in a RequireAll block:

  require shib-attr affiliation
  require shib-attr affiliation
After making the desired changes, save the file and test the configuration.

External Resources

Shibboleth htaccess Documentation


Article ID: 109534
Tue 6/9/20 5:09 PM
Tue 10/27/20 3:19 PM