SSO with Box

C R at
Tue Nov 25 05:39:01 EST 2014

Our approach is to only release the requested attributes (including eppn)
only when the user has a "box" entitlement (eduPersonEntitlement) in our
LDAP backend. If the entitlement is absent or gone, the login will fail.



2014-10-30 20:29 GMT+01:00 Gary Chapman <gary.chapman at>:

> Hi, we are finalizing a SAML 2.0 integration with
> We've been told that Box cannot support a common approach we take
> of releasing an eduPersonEntitlement value - the presence of which
> signals the SP to allow the incoming user to use the service, and the
> absence of which signals the SP to disallow access to the incoming user.
> Does this sound correct (i.e. no Box support for this approach) to those
> of you who've done SSO integrations with Box?
> Thanks - Gary Chapman, NYU
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list