Is it possible do different authentication based on different SP?
Kevin P. Foote
kpfoote at iup.edu
Thu Aug 16 10:16:23 EDT 2012
On Thu, 16 Aug 2012, Cantor, Scott wrote:
-> On 8/15/12 10:00 PM, "Kevin P. Foote" <kpfoote at iup.edu> wrote:
-> >Give the Engineering group an "engineering" attribute, and the sales
-> >folks a "sales" attribute at the IdP. On the SP side require one or the
-> >other for authz.
-> A less elegant and more brittle way that still avoids writing code:
-> - deploy separate login handlers
-> - use an AuthnContextClassRef in the request to map to one or the other
Ha, I started typing my reply in that vein.. but realized that the OP's issue was
not "really" authn (same ldap) but rather authz on the SP side.
So I figured, as you mentioned that the multiple LoginHandler /
AuthnContextClassRef combo would be overkill in this case.
Glad to know that my thoughts crossed in line with a shib-master :-P
More information about the users