I'm trying to implement SSO into my localhost website and I'm having issues with which files are being protected. For simplicity, the link takes you to a page with the URL known as localhost/test. I have a button on that page which is supposed to trigger localhost/text/index.cgi. Once the button is pressed, I want the SSO sign in page to pop up.
The issue is, I can't seem to configure it so that it's just index.cgi being protected. No matter what I try, the /test/ directory is the one being protected, as signaled by the fact that it prompts an SSO sign in when clicking the link on the homepage.
Here's what I have so far, based on some brief research I did (Assume that OIDC configuration is working, I don't think I'm allowed to share that):
<LocationMatch "^/test/((?!index.cgi).)*$">
Require all granted
</LocationMatch>
<Location /test/index.cgi>
AuthType openid-connect
Require valid-user
</Location>
These blocks are located inside my virtual host config for Apache. From what I read, the first block is supposed to allow access to all files located within /test/ except for index.cgi. The second block prompts the SSO login for index.cgi.
I've also tried using a standard Location block with /test/ with Require all granted but it still didn't work.