Franchise access being authenticated by our Shibboleth IdP
Keith Carr
kecarr at sgul.ac.uk
Fri Feb 24 14:42:32 GMT 2012
On 23/02/12, Chad La Joie <lajoie at itumi.biz> wrote:
> Well, there isn't any "must" or "have to" here. What Scott and I and
> now Keith H. are trying to do is to head off a mistake we've seen over
> and over that causes problems.
>
> So, let me be as blunt as possible. Stop talking about franchises.
> It has *nothing* to do with authorization.
>
Blunt is good :)
>
>
> Create an attribute in your LDAP called "entitlement". Create
> separate values for access to SP1 ... SPN.
>
That makes sense
>
>
> When a user should have access to SP1, put the SP1 entitlement into
> the "entitlement" attribute.
>
So all I need to do is write some JavaScript within the eduPersonEntitlement attribute definition in attribute-resolver.xml to pull out the relevant SP N entitlement from LDAP?
-Keith
>
>
> --
> Chad La Joie
> www.itumi.biz
> trusted identities, delivered
>
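
One way to wire up the approach Chad describes, added here as an example and not taken from the thread or from the Shibboleth project's own files. It assumes IdP 2.x configuration syntax, an LDAP data connector with the id "myLDAP", and constructed SP entityIDs and entitlement values; it uses a Simple attribute definition plus a per-SP value filter rather than a script.

```xml
<!-- attribute-resolver.xml (fragment, inside the existing root element).
     Exposes the LDAP "entitlement" attribute as eduPersonEntitlement.
     "myLDAP" is an assumed connector id; if that connector restricts
     returned attributes, "entitlement" has to be in its list. -->
<resolver:AttributeDefinition id="eduPersonEntitlement" xsi:type="ad:Simple"
                              sourceAttributeID="entitlement">
    <resolver:Dependency ref="myLDAP" />
    <resolver:AttributeEncoder xsi:type="enc:SAML1String"
        name="urn:mace:dir:attribute-def:eduPersonEntitlement" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String"
        name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
        friendlyName="eduPersonEntitlement" />
</resolver:AttributeDefinition>

<!-- attribute-filter.xml (fragment, inside the existing root element).
     Each SP receives only its own entitlement value, and only when the
     user's LDAP entry holds it. The entityIDs and entitlement values
     below are constructed placeholders. -->
<afp:AttributeFilterPolicy id="releaseEntitlementToSP1">
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
        value="https://sp1.example.org/shibboleth" />
    <afp:AttributeRule attributeID="eduPersonEntitlement">
        <afp:PermitValueRule xsi:type="basic:AttributeValueString"
            value="urn:example:entitlement:sp1" ignoreCase="false" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>

<afp:AttributeFilterPolicy id="releaseEntitlementToSP2">
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
        value="https://sp2.example.org/shibboleth" />
    <afp:AttributeRule attributeID="eduPersonEntitlement">
        <afp:PermitValueRule xsi:type="basic:AttributeValueString"
            value="urn:example:entitlement:sp2" ignoreCase="false" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>
```

A user without the SP1 value gets no eduPersonEntitlement in the assertion sent to SP1, so the access decision still has to be enforced at the SP by requiring that value.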