AccessControlConfiguration - Multiple Conditions?
Lille M
lillemacdoe at gmail.com
Mon Apr 29 19:07:11 EDT 2019
Hello List.
We currently have Status, Reloadable Services, Resolver -- accessible via
IP Address.
How do I configure for authenticated access to admin functions (beyond
uncommenting AccessByUser or AccessByAttribute)? Or is this via building a
separate UI/SP?
Is it possible to restrict access by any one of these conditions being matched:
AccessByIPAddress or AccessByUser or AccessByAttribute?
Thanks.
<util:map id="shibboleth.AccessControlPolicies">

    <entry key="AccessByIPAddress">
        <bean id="AccessByIPAddress"
              parent="shibboleth.IPRangeAccessControl"
              p:allowedRanges="#{ {'127.0.0.1/32', '::1/128'} }" />
    </entry>

    <!--
    <entry key="AccessByUser">
        <bean parent="shibboleth.PredicateAccessControl">
            <constructor-arg>
                <bean parent="shibboleth.Conditions.SubjectName"
                      c:collection="#{'jdoe'}" />
            </constructor-arg>
        </bean>
    </entry>
    -->

    <!--
    <entry key="AccessByAttribute">
        <bean parent="shibboleth.PredicateAccessControl">
            <constructor-arg>
                <bean class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate">
                    <property name="attributeValueMap">
                        <map>
                            <entry key="eduPersonEntitlement">
                                <list>
                                    <value>https://example.org/entitlement/idpadmin</value>
                                </list>
                            </entry>
                        </map>
                    </property>
                </bean>
            </constructor-arg>
        </bean>
    </entry>
    -->

</util:map>