IDP Filtering by AD group

Cantor, Scott cantor.2 at osu.edu
Fri Apr 4 10:28:06 EDT 2014


On 4/4/14, 10:08 AM, "Goggins, Patrick" <gogginsp at uwgb.edu> wrote:

>I'm trying to set up an attribute-filter entry to allow authentication if a
>user is a member of a given group in AD. The concept below is to only
>allow CompSci majors and minors access to a site.
> 
> 
>Attribute-filter.xml
> 
><afp:PolicyRequirementRule xsi:type="basic:AND">
>        <basic:Rule xsi:type="basic:AttributeRequesterString"
>value="https://fm.incommon.org/sp" />
>        <PermitValueRule  xsi:type="basic:OR">

That's just not valid syntax, so that's your only problem here. The log
should tell you this when you try and load the policy.

>The issue with mixing the basic rule with the PermitValueRule, any ideas?

Use <basic:Rule> for the nested rule, just like the rest of them.

-- Scott
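
Added example, not part of the original thread or Scott's own configuration: the nested rule written as <basic:Rule>, in the same afp:/basic: filter syntax the quoted snippet uses, with the prefixes assumed to be declared on the enclosing policy group. Only the requester value comes from the post; the policy id, the memberOf attribute ID, the group DNs and the released attribute are assumed placeholders.

```xml
<afp:AttributeFilterPolicy id="exampleGroupGatedRelease"> <!-- placeholder id -->

    <afp:PolicyRequirementRule xsi:type="basic:AND">

        <!-- Requester match, value taken from the original post -->
        <basic:Rule xsi:type="basic:AttributeRequesterString"
                    value="https://fm.incommon.org/sp" />

        <!-- The nested composite is itself a basic:Rule, not a PermitValueRule -->
        <basic:Rule xsi:type="basic:OR">
            <!-- Placeholder group DNs; attributeID assumes the AD group
                 membership is resolved as an attribute named memberOf -->
            <basic:Rule xsi:type="basic:AttributeValueString"
                        attributeID="memberOf"
                        value="CN=EXAMPLE-MAJORS,OU=Groups,DC=example,DC=edu" />
            <basic:Rule xsi:type="basic:AttributeValueString"
                        attributeID="memberOf"
                        value="CN=EXAMPLE-MINORS,OU=Groups,DC=example,DC=edu" />
        </basic:Rule>

    </afp:PolicyRequirementRule>

    <!-- PermitValueRule belongs here, inside an AttributeRule.
         The released attribute is a placeholder. -->
    <afp:AttributeRule attributeID="eduPersonPrincipalName">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>

</afp:AttributeFilterPolicy>
```

A filter policy governs which attributes the IdP releases to the requester; the site itself still has to enforce access on what it receives.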



