Group based Access Restriction using SAML


This topic has 3 replies, 2 voices, and was last updated 3 years, 2 months ago by Peter Major.

  • #26536
     Rick521
    Participant

    Hi everyone,

    I’m currently working with SAML2 Federation on OpenAM 13.5.1 and I have the requirement below. Can someone please shed some light on it?

    Thanks in advance.

    Question?

    I have a requirement of denying access to the users who aren’t part of a group.

    We have implemented a custom attribute mapper as well; not sure if this can be done on our end though.

    We are the Hosted IDP and the resource the users are trying to access is a protected resource.

    I have tried adding memberOf=”group-name” in the attribute mapping section of the SP Entity Configuration; that didn’t help.

    I tried to add a policy in the subrealm by adding a requirement of the group required; that didn’t help either.

    Can someone please provide some information on this?

    Thanks & Regards

    #26582
     Peter Major
    Moderator

    This is the relevant RFE:
    https://bugster.forgerock.org/jira/browse/OPENAM-8299

    Should be doable using a custom IdP Adapter implementation.

    #26605
     Rick521
    Participant

    Thanks Peter, I guess we would have to wait.

    #26606
     Peter Major
    Moderator

    Either that, or you could download the example code attached to the ticket and make it suitable for your production requirements.
