IDP configuration to bypass authentication request
Cantor, Scott
cantor.2 at osu.edu
Tue Oct 31 16:32:06 EDT 2017
> We need to allow users within a given IP range to access SPs without
> entering their credentials (on campus access).
It's not that simple, you can't just do authentication as though it's limited to one set of SPs, at least unless all of your use cases are library-centric.
> Is it possible to configure the IDP to :
>
> either bypass authentication request for browsers inside a given IP range
The IPAddress login flow comes with the software. If that were accompanied, I suppose, with some pretty deliberate work around which account(s) the system impersonated and additional work with, say, the context-check interceptor to ensure access to other SPs was blocked appropriately, it's probably feasible. It's certainly fragile and prone to accidents that could lead to some ugly results.
> or automatically redirect to WAFLess url for users outside the allowed IP
> range?
I don't know what you think that means in this context, but that's not a term I can attach any precise meaning to and be sure I'm talking about the same thing you are.
-- Scott
More information about the users
mailing list