Relying Party Access Control (by Group)

Cantor, Scott cantor.2 at
Mon May 2 17:27:29 EDT 2016

> I am trying to transition our remaining AD FS profiles over to Shibboleth (IDP
> 3). I am having an issue with one though - the particular SP is limited to
> specific users, based on AD group membership. I can't seem to find docs on
> how to implement this in Shibboleth. Can someone please point me in the
> right direction?

We don't generally consider that a function of the IdP; authz is up to the SP, with the IdP supplying the groups as attributes.

If you must, see [1].

-- Scott


