robot access to SP website
peter.schober at univie.ac.at
Tue Jun 22 13:42:21 UTC 2021
* Jerry Shipman <jes59 at cornell.edu> [2021-06-22 15:33]:
> Is there an SP configuration he can use that will do something like:
> "if it's this specific robot logging in, it can use
> PasswordProtectedTransport...otherwise, everybody has to use MFA"?
> Or can you recommend some other solution to this kind of problem?
Maybe not literally "SP configuration" but in web server configuration
(Apache httpd 2.4 is particularly flexible here) that's possible based
on multiple criteria.
If you have control over the "robot" you might use client certs for
authn and then conditionally trigger SAML SSO only when no client cert
(or not HTTP Basic Auth, with whatever tokens you intend to support)
Or allow the robot based on IP address (though not only on IP address,
Mostly depends on what you can do on the "robot" side (is that an ECP
client, then) and what web server you're using.
More information about the users