IdP to allow only users within given IP range to access a SP
Ian Rifkin
irifkin at brandeis.edu
Wed Aug 21 17:56:06 EDT 2013
Hi Stefano,
> we need to limit access to a given SP to users within a given IP range.
> We can only work on the IdP side.
>
I'm not an expert, so maybe someone else can chime in, but I think it would
depend on your configuration. You can put IP restrictions in webserver and
firewall software, but you can't do that if you use the IdP for other SPs
that don't have this IP restriction. If you have a custom auth piece it
looks like you can read about
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthIP. Or perhaps
attempt something more fancy/custom.
Taking a step back, how do you currently do authentication? And what does
the SP expect to receive back from you (do they do any authorization or
does the SP just assume if they get a reply they are good?).
Regards,
Ian