0

I have a Drupal installation configured with shib_auth and some mod_rewrite rules in the top level directory to ensure that users hiting the site are signed in. This is working correctly.

But I have one module that provides a sort of API which is secured by Oauth. I need an exception so the API path does not get-redirected to SSO.

The path I want to except is: https://base-url/h5p/d2l/launch

I have attempted to use: RewriteRule ^h5p - [L] But this doesn't appear to be working.

The full mod_rewrite rule is below:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#RewriteRule ^h5p - [L]
RewriteRule ^Shibboleth\.sso - [L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Any help is appreciated.

Kirby
  • 155
  • 7
  • Welcome to StackOverflow. So everyone is clear you're trying to get all users redirected to SSO, but you want the API to be able to authenticate against Drupal at a custom path? – acrosman Nov 17 '16 at 01:17
  • Hi, thanks for the response. No the API does not need to be able to authenticate against Drupal. It is an un authenticated public API. I merely need to exempt the API path from the re-write rule. As the API expects a POST request which is stripped out after the SSO process is complete. The SSO or any Drupal auth is not required on the api path. I hope this is clearer – Kirby Nov 18 '16 at 04:46
  • Is `/h5p/d2l/launch` an actual path? Or is it a pretty URL that Drupal is supposed to handle? – Walf Nov 18 '16 at 11:28
  • Its a pretty path that drupal handles. actual path would be /sites/all/modules/h5p/views – Kirby Nov 20 '16 at 21:08

0 Answers0