Authenticated memberof group

Cantor, Scott cantor.2 at
Tue May 2 19:35:12 EDT 2017

On 5/2/17, 7:10 PM, "Cantor, Scott" <cantor.2 at> wrote:

>> We'd like to limit who's logging into shibboleth based on not only their 
>> password, but if they're in a group as well.
> Then why don't you change your LDAP filter in the authentication check to exclude entries that aren't in the group?

This assumes you literally mean "a group", which I assumed since that's what you asked. If you're talking about limiting access to *services* based on groups (plural) , that's not limiting who's logging in at all, that's authorization. So I suspect I don't know what you really meant and David's response is more on point.

-- Scott

More information about the users mailing list