MellonEnable does not seem to work in htaccess files or Directory statement

[rtheys]

Hi,

I have configured auth_mellon in my apache config as follows:

<Location />
    MellonEnable info
    MellonEndpointPath /mellon/
    MellonSPMetadataFile /etc/httpd/mellon/urn_sso-test.xml
    MellonSPPrivateKeyFile /etc/httpd/mellon/urn_sso-test-client.key
    MellonSPCertFile /etc/httpd/mellon/urn_sso-test-client..cert
    MellonIdPMetadataFile /etc/httpd/mellon/idp_metadata.xml
    MellonSecureCookie On
    MellonUser uid
</Location>

The document root of my apache vhost is set to /var/www/html.
I've created an .htaccess file in /var/www/html/secure1 with content:

AuthType Mellon
MellonEnable auth
Require valid-user

In the apache config, AllowOverride All is set for /var/www/html/secure1.

When I visit /secure1 on my server, my browser shows an Unauthorized message: This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

If I rename the .htaccess file and configure the settings directly in the apache configuration using a <Directory> block, I get the same issue.

It only works if I configure the above 3 settings in a Location block in my apache config.

How can I make auth_mellon work using .htaccess files? I want to configure the basic auth_mellon settings in the Location /, but allow users to enable authentication for their userdir using a .htaccess file.

Regards,
Rik