robot access to SP website

Peter Schober peter.schober at
Tue Jun 22 13:42:21 UTC 2021

* Jerry Shipman <jes59 at> [2021-06-22 15:33]:
> Is there an SP configuration he can use that will do something like:
> "if it's this specific robot logging in, it can use
> PasswordProtectedTransport...otherwise, everybody has to use MFA"?
> Or can you recommend some other solution to this kind of problem?

Maybe not literally "SP configuration" but in web server configuration
(Apache httpd 2.4 is particularly flexible here) that's possible based
on multiple criteria.

If you have control over the "robot" you might use client certs for
authn and then conditionally trigger SAML SSO only when no client cert
(or not HTTP Basic Auth, with whatever tokens you intend to support)
was supplied.
Or allow the robot based on IP address (though not only on IP address,

Mostly depends on what you can do on the "robot" side (is that an ECP
client, then) and what web server you're using.


More information about the users mailing list