stackoom
  简体   繁体   中英

Shibboleth - is there a way to configure Access Control as either/or logic?

 原文  2021-04-06 14:15:50       shibboleth

Question

I have a Shibboleth implementation where, in my shibboleth2.xml file, my Host section has an AccessControl Rule that requires a isMemberOf for a group and this works great.

If I add another rule for a different group, it seems to require that the user be a member of both groups.

In my use case, I want people from Group A as well as people from Group B to have access but I don't want anyone else to have access. Is there a way that I can configure AccessControl rules so that it doesn't require both groups but requires either Group A or Group B?

1 answers

solution1
 0  2021-04-15 16:05:19

It took me forever to find this but it is well-documented in the Shibboleth wiki. The issue I ran into was that I was only looking at the AccessControl documentation but needed to look at the linked XML Access Control documentation which provides more details on usage: https://wiki.shibboleth.net/confluence/display/SP3/XMLAccessControl

There are OR and AND tags that I can utilize to accomplish what I need.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can Shibboleth be integrated with Windows Azure Access Control Service? How to configure multiple IDPs in Shibboleth Configure Shibboleth native Service Provider and Apache Shibboleth - How to configure multiple Password Authentication Configurations Howto quickly configure some users for Shibboleth IdP How to Install and configure shibboleth SP in windows8? Web Login Service - Access Denied (Shibboleth IdP 3) using c# to access shibboleth session data How to install and configure shibboleth SP in windows 7 Configure Shibboleth SP with WSO2 IS IDP
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM