multiple users directories depending on UPN

Douglas E Engert deengert at gmail.com
Thu May 8 11:34:07 EDT 2014



On 5/5/2014 7:03 PM, Mauro Minella wrote:
> Hello,
>
> I’ve installed Shib 2.4.0 on Windows. It’s configured to check user credentials against Active Directory, whose details were asked for by the setup wizard (domain/user/pwd), and it works fine.
>

If the UPN is an actual Kerberos Principal name, the JAAS Kerberos


> Now let’s assume that users whose UPN ends by @university1.org should be verified by AD, while UPNs ending by @university2.org should be verified against an MySQL DB. Is this possible? Is there a guide
> or something I could leverage for this purpose?

If the UPN is an actual Kerberos Principal name for the realm university2.org the JAAS Kerberos login
could be used as it will look up the KDCs for the realm. Since university.org is AD, the JAAS Kerberos
login should also work.


In either case I am pretty sure you still need in attribute-resolver 2 different data connectors,
one for each realm. Maybe you can parse the UPN and select which data connector to use.



>
> Thank you
>
> Mauro
>

-- 

  Douglas E. Engert  <DEEngert at gmail.com>


