Using the LdapRoleAuthorizationModule w/Shibboleth 2 IdP?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Using the LdapRoleAuthorizationModule w/Shibboleth 2 IdP?

Using Shibboleth IdP 2 for Google SSO for email. Successfully authenticating users via the ShibUserPassAuth {edu.vt.middleware.ldap.jaas.LdapLoginModule} in login.config.

15:16:51.081 - INFO [edu.vt.middleware.ldap.Authenticator:297] - Authentication succeeded for user

After a successful Authn with username and password the user is currently redirected back to Google.
How can I authorize that the user is a member of the 'Email' group BEFORE redirecting back?

Can this be accomplished by stacking the JAAS modules like so?

ShibUserPassAuth {

// LdapLoginModule - JAAS module which provides authentication and authorization against a LDAP.

    edu.vt.middleware.ldap.jaas.LdapLoginModule required

 //LdapRoleAuthorizationModule - JAAS module which provides authorization against a LDAP.

    edu.vt.middleware.ldap.jaas.LdapRoleAuthorizationModule required