Using two dataconnectors for one service provider
Nate Klingenstein
ndk at internet2.edu
Wed Apr 2 09:54:29 EDT 2014
Box's capability for handling groups may improve soon. I strongly encourage you to give them timely, detailed, precise feedback on exactly how you would like to integrate your groups with their product.
On Apr 2, 2014, at 7:41 AM, "Bryan E. Wooten" <bryan.wooten at utah.edu<mailto:bryan.wooten at utah.edu>>
wrote:
Strange, I was just on a call with Box for our Shib integration 2 weeks ago.
No mention of AD group membership. As a matter of fact they did not want us to release group memberships in the SAML assertion. They also recommended we not use their API for groups either. They said most U’s don’t use the API.
In your integration do they want direct access to your Active Directory? That sounds like a bad idea.
-Bryan
From: users-bounces at shibboleth.net<mailto:users-bounces at shibboleth.net> [mailto:users-bounces at shibboleth.net<mailto:bounces at shibboleth.net>]On Behalf Of Vignesh, Vanna G.
Sent: Wednesday, April 02, 2014 7:27 AM
To: users at shibboleth.net<mailto:users at shibboleth.net>
Subject: Using two dataconnectors for one service provider
Our Idp uses authldap as the only data connector. One of the SPs (box.com<http://box.com> provisioning) requires the user should be in AD security group too. All the mandatory attributes will be from authldap.
The user should not get successful authentication if he is not in that AD group. How can I handle this?
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140402/86f89be1/attachment.html
More information about the users
mailing list