SAML Authentication using LDAP groups

Cantor, Scott cantor.2 at osu.edu
Wed Dec 2 09:46:25 EST 2015


On 12/2/15, 8:46 AM, "users on behalf of Cahill, Charles (GE Appliances)" <users-bounces at shibboleth.net on behalf of Charles.Cahill at ge.com> wrote:



>I was able to then configure the Apache Service Provider Shib.conf to limit who can access the website by using this location block.  Keep in mind that the Protected web root is being fed as a variable and so is the group "displayname".

When you use displayName in SAML, that's about a user (the subject of the assertion), not a group. It's going to confuse the heck out of anybody coming after you. I really wouldn't do that.

-- Scott


