I'm a bit puzzled. We use webserver authentication (apache with Shibboleth ) with LS 1.91 without any problems. We put a proper .htacces file in the /admin directory. Users can logon and administer their surveys, respondents do go to the /admin folder so they don't need to login.
Now we are setting up a LS2 test installation. I've switched on webserver authentication and I only get it to work when I put a .htaccess file in the LS2 root folder, which requires users to login. But this means that respondents need to pass this authentication as well. When I remove it from the root folder and put it in admin/ or application/ directory, it fails to pick up the username. It's like th eauthentication is reroute to the root directory and that by doing this the user attributes are getting lost.
Is there some obvious mistake I'm making ? I'm still struggling a bit with the new YII structure.