Authenticated memberof group
Cantor, Scott
cantor.2 at osu.edu
Tue May 2 19:35:12 EDT 2017
On 5/2/17, 7:10 PM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>> We'd like to limit who's logging into shibboleth based on not only their
>> password, but if they're in a group as well.
>
> Then why don't you change your LDAP filter in the authentication check to exclude entries that aren't in the group?
This assumes you literally mean "a group", which I assumed since that's what you asked. If you're talking about limiting access to *services* based on groups (plural) , that's not limiting who's logging in at all, that's authorization. So I suspect I don't know what you really meant and David's response is more on point.
-- Scott
More information about the users
mailing list