Relying Party Access Control (by Group)
Cantor, Scott
cantor.2 at osu.edu
Mon May 2 17:27:29 EDT 2016
> I am trying to transition our remaining AD FS profiles over to Shibboleth (IDP
> 3). I am having an issue with one though - the particular SP is limited to
> specific users, based on AD group membership. I can't see to find docs on
> how to implement this is in Shibboleth. Can someone please point me in the
> right direction?
We don't generally consider that a function of the IdP, authz is up to the SP, with the IdP supplying the groups as attributes.
If you must, see [1].
-- Scott
[1] https://wiki.shibboleth.net/confluence/display/IDP30/ContextCheckInterceptConfiguration
More information about the users
mailing list