Authenticated memberof group
Lipscomb, Gary
glipscomb at csu.edu.au
Tue May 2 18:47:52 EDT 2017
You can restrict access to SP's using memberof to determine group membership and then use that group membership in an intercept flow and a relying-party override to deny or allow access.
> -----Original Message-----
> From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Daniel
> McDonald
> Sent: Wednesday, 3 May 2017 8:36
> To: Shib Users <users at shibboleth.net>
> Subject: Authenticated memberof group
>
> We'd like to limit who's logging into shibboleth based on not only their
> password, but if they're in a group as well.
>
> I can return the "memberOf" attribute with a list of the users groups. I hoped
> that putting this in the ldap search filter would work but it didnt:
>
> (&(mail=$requestContext.principalName)(memberOf=CN=MyGroup,CN=Us
> ers,DC=umass,DC=net))
>
> Could someone point me in the right direction here?
>
> Thanks
> --
> To unsubscribe from this list send an email to users-
> unsubscribe at shibboleth.net
More information about the users
mailing list