Using two dataconnectors for one service provider

Kevin Foote kpfoote at
Wed Apr 2 11:21:19 EDT 2014

On 4/2/14, 8:10 AM, "Cantor, Scott" <cantor.2 at> wrote:

>On 4/2/14, 11:05 AM, "Vanna" <VIGNESH at MUSC.EDU> wrote:
>>Box auto provisions a user if the user has a valid assertion from an Idp.
>>checks for the primary identifier (in this case,it is email
>>address)associated with known user.
>And if there is no identifier?
>> My question is - how can I prevent the
>>redirection to our idp login page if the user is not in that AD group or
>>can I redirect the users to our login page only if they are in that AD
>And the answer is what I already wrote, you can't, not without a custom
>login handler.

Do what Scott is suggesting.
If you don¹t want the user to have a box account don¹t send ANY attributes
back at all.
Who cares if they pass the username/password authN at your login-page.

If you want more than the box error page you have to trap the redirect
back with a custom handler like Scott also said.


More information about the users mailing list