IDP Filtering by AD group

Cantor, Scott cantor.2 at
Fri Apr 4 10:28:06 EDT 2014

On 4/4/14, 10:08 AM, "Goggins, Patrick" <gogginsp at> wrote:

>I'm try to setup an attribute-filter entry to allow authentication if a
>user is a member of a given group in AD. The concept below is to only
>allow CompSci majors and minors access to a site.
><afp:PolicyRequirementRule xsi:type="basic:AND">
>        <basic:Rule xsi:type="basic:AttributeRequesterString"
>value="" />
>        <PermitValueRule  xsi:type="basic:OR">

That's just not valid syntax, so that's your only problem here. The log
should tell you this when you try and load the policy.

>The issue with mixing the basic rule with the PermitValueRule, any ideas?

Use <basic:Rule> for the nested rule, just like the rest of them.

-- Scott

More information about the users mailing list