Using two dataconnectors for one service provider

Nate Klingenstein ndk at
Wed Apr 2 09:54:29 EDT 2014

Box's capability for handling groups may improve soon.  I strongly encourage you to give them timely, detailed, precise feedback on exactly how you would like to integrate your groups with their product.

On Apr 2, 2014, at 7:41 AM, "Bryan E. Wooten" <bryan.wooten at<mailto:bryan.wooten at>>

Strange, I was just on a call with Box for our Shib integration 2 weeks ago.

No mention of AD group membership. As a matter of fact they did not want us to release group memberships in the SAML assertion. They also recommended we not use their API for groups either. They said most U’s don’t use the API.

In your integration do they want direct access to your Active Directory? That sounds like a bad idea.


From: users-bounces at<mailto:users-bounces at> [mailto:users-bounces at<mailto:bounces at>]On Behalf Of Vignesh, Vanna G.
Sent: Wednesday, April 02, 2014 7:27 AM
To: users at<mailto:users at>
Subject: Using two dataconnectors for one service provider

Our Idp uses authldap as the only data connector. One of the SPs (<> provisioning) requires the user should be in AD security group too. All the mandatory attributes will be from authldap.
The user should not get successful authentication if he is not in that AD group. How can I handle this?
To unsubscribe from this list send an email to users-unsubscribe at<mailto:users-unsubscribe at>

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list