Question on Login Handlers

Manuel Haim haim at hrz.uni-marburg.de
Fri Aug 23 06:07:02 EDT 2013


Just my two cents here:

- When querying LDAP1, try using an LDAP filter which ignores
deactivated users (so no tinkering with the BIND things...)

- When trying to block users at the IdP from accessing an SP, have a
look at our access filter which is based on uApprove:
http://www.staff.uni-marburg.de/~haimm/unimr-spaccessfilter.shib2.uapprove240.2013_08_22.zip
(we have a different use case in that we need to participate in a
federation which only allows users that have been identified personally
with their ID card or passport, so no self-registration allowed)

-Manuel


More information about the users mailing list