Authenticated memberof group
glipscomb at csu.edu.au
Tue May 2 18:47:52 EDT 2017
You can restrict access to SP's using memberof to determine group membership and then use that group membership in an intercept flow and a relying-party override to deny or allow access.
> -----Original Message-----
> From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Daniel
> Sent: Wednesday, 3 May 2017 8:36
> To: Shib Users <users at shibboleth.net>
> Subject: Authenticated memberof group
> We'd like to limit who's logging into shibboleth based on not only their
> password, but if they're in a group as well.
> I can return the "memberOf" attribute with a list of the users groups. I hoped
> that putting this in the ldap search filter would work but it didnt:
> Could someone point me in the right direction here?
> To unsubscribe from this list send an email to users-
> unsubscribe at shibboleth.net
More information about the users