Grouper Group validation for Shibboleth login

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Grouper Group validation for Shibboleth login

Aseem Keskar

Hi Team,

We have changed our SP configuration (IIS 7 server) to  provide login access to only staff Grouper group users. We have followed below mentioned steps to configure the affiliation group. But this is not working from our end. We are looking for some suggestions or any reference of configuration code which we can use for this validation. Normal Shibboleth login is working fine without adding rule to check whether user belongs to any specific grouper group.

1.       shibboleth2.xml file - Added path for staff affiliation group.

  <Path name="Staff" authType="shibboleth" requireSession="true">
               <AccessControl>
                <Rule require="ucisMemberOf">uc:org:Booth:AffiliationGroups:Staff</Rule>
                </AccessControl>
  </Path>

2.       attribute-map.xml - Added below mentioed code.

    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="ucisMemberOf"/>
    <Attribute name="urn:mace:dir:attribute-def:ucisMemberOf" id="ucisMemberOf"/>

Looking for your guidance and support to implement grouper group validation for login.

Thanks & Regards
Aseem Keskar


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]