Using two dataconnectors for one service provider
Kevin Foote
kpfoote at uoregon.edu
Wed Apr 2 11:21:19 EDT 2014
On 4/2/14, 8:10 AM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>On 4/2/14, 11:05 AM, "Vanna" <VIGNESH at MUSC.EDU> wrote:
>
>>Box auto provisions a user if the user has a valid assertion from an Idp.
>>It
>>checks for the primary identifier (in this case,it is email
>>address)associated with known user.
>
>And if there is no identifier?
>
>> My question is - how can I prevent the
>>redirection to our idp login page if the user is not in that AD group or
>>how
>>can I redirect the users to our login page only if they are in that AD
>>group?
>
>And the answer is what I already wrote, you can't, not without a custom
>login handler.
Do what Scott is suggesting.
If you don¹t want the user to have a box account don¹t send ANY attributes
back at all.
Who cares if they pass the username/password authN at your login-page.
If you want more than the box error page you have to trap the redirect
back with a custom handler like Scott also said.
------
thanks,
kevin.foote
More information about the users
mailing list