ldap group authorization after successful authentication.

I'm using Shib IdP 2 for Google SSO for email. I'm successfully authenticating users via the ShibUserPassAuth {edu.vt.middleware.ldap.jaas.LdapLoginModule} in login.config.

15:16:51.081 - INFO [edu.vt.middleware.ldap.Authenticator:297] - [TP-Processor3:] - Authentication succeeded for user

After a user authenticates using their username and password, they get redirected to Google.
My question is how can I authorize that the user is a member of a specific LDAP group such as 'Email' before redirecting back to Google?

Can this be accomplished by stacking LDAP modules like so?

ShibUserPassAuth {
    edu.vt.middleware.ldap.jaas.LdapLoginModule required

    edu.vt.middleware.ldap.jaas.LdapRoleAuthorizationModule required