mmoshcs Super Contributor.
Super Contributor.
776 views

Controlling what cards appear for a login

I'm likely approaching this issue from the wrong angle, please tell me if I am.

Our setup is as follows
* We have Staff, Students and Parents as objects in our eDir
* We will have several SAML 2.0 SP configured, currently we just has the TestShib one configured
* We also have our School Management System (SMS) which we want Parents to access.
* I have configured 2 different User Stores, Methods and Contracts, one of Staff and Students, another for Parents.
* There is a third contact setup to allow Staff and Students to sign in with Google, as we use Chromebooks this save them retyping their username/password
* The Parent login page is different as we need their listed email address and firstname for a sign in, this is because 2 parents could have the same email address.

That is the basics of the setup, what I want to have is
* When logging into the SMS, all 3 contracts are available in the selection.
* When logging into the IdP for a SP, only the Staff and Student contracts are available.

Is there a way of doing this? Am I approaching the problem from the wrong viewpoint? I was initially thinking we could have something like "Only these contracts available" that could be configured in the SP config.

This is with a AM 4.2 appliance.

Thanks for any help.
0 Likes
2 Replies
AutomaticReply Absent Member.
Absent Member.

Re: Controlling what cards appear for a login

mmoshcs,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Controlling what cards appear for a login

On 11/24/2016 1:56 PM, mmoshcs wrote:
>
> I'm likely approaching this issue from the wrong angle, please tell me
> if I am.
>
> Our setup is as follows
> * We have Staff, Students and Parents as objects in our eDir
> * We will have several SAML 2.0 SP configured, currently we just has the
> TestShib one configured
> * We also have our School Management System (SMS) which we want Parents
> to access.
> * I have configured 2 different User Stores, Methods and Contracts, one
> of Staff and Students, another for Parents.
> * There is a third contact setup to allow Staff and Students to sign in
> with Google, as we use Chromebooks this save them retyping their
> username/password
> * The Parent login page is different as we need their listed email
> address and firstname for a sign in, this is because 2 parents could
> have the same email address.
>
> That is the basics of the setup, what I want to have is
> * When logging into the SMS, all 3 contracts are available in the
> selection.
> * When logging into the IdP for a SP, only the Staff and Student
> contracts are available.
>
> Is there a way of doing this? Am I approaching the problem from the
> wrong viewpoint? I was initially thinking we could have something like
> "Only these contracts available" that could be configured in the SP
> config.


I'd be reluctant to show any additional contract. It would just confuse
users. I'd create the right contract (plus method and user store) for
each resource.

So, for example, if you have a resource (like SMS) where parents need
access I'd use a user store config where it only searches in the parents
context, associate that with a method of your choice and create a
contract based on that. Similar for staff only, students only and then
the various combinations. Slightly more overhead to configure but once
its in place you can cater for most scenarios.



--
Cheers,
Edward

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.