HTTP 401 Authorization Required returned instead of 403 Forbidden

Basics

Technical

Logistics

Basics

Technical

Logistics

Description

The comment block above the "Errors" element in shibboleth2.xml says:
"You can remove the access attribute to cause the module to return a standard 403 Forbidden error code if authorization fails, and then customize that condition using your web server."

However, removing the access attribute has mod_shib producing a "401 Authorization Required" error instead of the expected 403.

Environment

None

Activity

Show:

Scott Cantor June 23, 2009 at 12:46 PM

Closing after releases.

Scott Cantor October 14, 2008 at 4:08 PM

http://svn.middleware.georgetown.edu/view/cpp-sp?view=rev&revision=2896

Fixed

Pinned fields

Click on the next to a field label to start pinning.

Details

Assignee

Scott Cantor

Reporter

Former user(Deactivated)

Components

Fix versions

2.2

Affects versions

2.1

Created October 9, 2008 at 2:24 AM

Updated June 24, 2021 at 2:55 PM

Resolved October 14, 2008 at 4:08 PM

Configure