AttributeFilters to prevent specific users to use an SP?
Christopher Bongaarts
cab at umn.edu
Thu Feb 28 12:38:31 EST 2013
On 2/26/2013 12:54 PM, Kanuch, Andrew wrote:
> Is it possible to use an Attribute Filter policy to a prevent a subset
> of users from being able to pass attributes to a Specific Service provider?
>
> For example: A filter policy that allows passes user attributes
> (eduPersonAffiliation, givenName, EPPN, description) to the SP
> sp.testshib.org, **unless** the user account has the value of “Student”
> in their LDAP(AD) account description field.
I just added an example to the wiki that shows how you can do this:
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAddAttributeFilterExamples
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
More information about the users
mailing list