jlrodriguez (Contributor)

SP Initiated SAML and Authorization rule

Hi,

On an SP Initiated SAMLv2 Federation, is it possible to establish an authorization rule that denies access to users who don't have a specific role?

Reviewing the documentation, I see that something like this can be done with Service Provider Brokering, but in that case it seems to indicate that it can only be used when the federation is IDP Initiated.

Regards
Jose Luis
2 Replies
edmaa (Knowledge Partner)

Re: SP Initiated SAML and Authorization rule

On 25-05-2019 4:34 AM, jlrodriguez wrote:
>
> Hi,
>
> On an SP Initiated SAMLv2 Federation, is it possible to establish an
> authorization rule that denies access to users who don't have a
> specific role?
>
> Reviewing the documentation I see that something like this can be done
> with Service Provider Brokering, but in that case it seems to indicate
> that it can only be used in the event that the federation is IDP
> Initiated.
>
> Regards
> Jose Luis
>
>


You can, but not through an authz rule. You can do it from the dashboard | applications. Select the app and on the right you can add roles that are
required for a user to have in order to access it. Now the downside of it is, though, that NAM will not throw an access denied page. Instead it'll send a
SAML token with access denied and it's up to the SP to show an access denied page.

--
Cheers,
Edward
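The behaviour Edward describes puts the burden on the SP: when the user lacks the required role, the IdP still answers the AuthnRequest, but with a SAML Response whose Status is not Success, so an SP that only looks for an Assertion (or that treats any Response as a login) will either crash or, worse, mishandle the denial. The following is an added example, not code from the thread or from NetIQ Access Manager, of the minimal SP-side check: read the top-level and second-level StatusCode, and only create a session on a Success that actually carries an Assertion. The status URIs are the ones defined in SAML 2.0 Core; the Response documents, the Issuer and the message text are constructed for the example, and the exact second-level code an IdP emits on a role failure is an assumption (RequestDenied is the common one). Signature verification is deliberately omitted here and must be done by a real SP before it trusts a Success.

```python
"""SP-side handling of a SAMLv2 <Response> <Status> (added example).

Assumed inputs: a decoded (base64-stripped) SAML Response as XML text,
as an SP receives it on its Assertion Consumer Service endpoint.
Signature verification is NOT performed here; a production SP must
verify the Response/Assertion signature before acting on "login".
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
STATUS_REQUEST_DENIED = "urn:oasis:names:tc:SAML:2.0:status:RequestDenied"


def response_status(xml_text):
    """Return (top_level_code, second_level_code_or_None, message_or_None).

    Raises ValueError if the Response has no usable <Status>, because a
    Response without a status is malformed and must never be treated
    as a login.
    """
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status", NS)
    if status is None:
        raise ValueError("Response has no <Status>; refusing to process")
    top = status.find("samlp:StatusCode", NS)
    if top is None or not top.get("Value"):
        raise ValueError("Response <Status> has no top-level <StatusCode>")
    second = top.find("samlp:StatusCode", NS)  # optional nested code
    msg = status.find("samlp:StatusMessage", NS)
    return (
        top.get("Value"),
        second.get("Value") if second is not None else None,
        msg.text if msg is not None else None,
    )


def decide(xml_text):
    """Map a Response to 'login', 'denied' or 'error' (the SP's own page).

    Any non-Success top-level code is a refusal: the SP renders its own
    access-denied page for RequestDenied and a generic error otherwise.
    A Success without an Assertion carries nothing to build a session
    from, so it is an error too, never a login.
    """
    top, second, _msg = response_status(xml_text)
    if top != STATUS_SUCCESS:
        return "denied" if second == STATUS_REQUEST_DENIED else "error"
    root = ET.fromstring(xml_text)
    if root.find("saml:Assertion", NS) is None:
        return "error"
    return "login"


# Constructed sample Responses (not captured from any real IdP).
_HEAD = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
         'ID="_r1" Version="2.0" IssueInstant="2019-05-25T04:34:00Z">'
         '<saml:Issuer>https://idp.example.com/nidp/saml2/metadata</saml:Issuer>')

DENIED_RESPONSE = _HEAD + (
    '<samlp:Status>'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/>'
    '</samlp:StatusCode>'
    '<samlp:StatusMessage>User lacks a role required for this application</samlp:StatusMessage>'
    '</samlp:Status></samlp:Response>')

SUCCESS_RESPONSE = _HEAD + (
    '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
    '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2019-05-25T04:34:01Z">'
    '<saml:Issuer>https://idp.example.com/nidp/saml2/metadata</saml:Issuer>'
    '<saml:Subject><saml:NameID>jlrodriguez</saml:NameID></saml:Subject>'
    '</saml:Assertion></samlp:Response>')

# Success with no Assertion: must not log anyone in.
EMPTY_SUCCESS_RESPONSE = _HEAD + (
    '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
    '</samlp:Response>')

if __name__ == "__main__":
    for name, doc in (("denied", DENIED_RESPONSE), ("success", SUCCESS_RESPONSE),
                      ("empty", EMPTY_SUCCESS_RESPONSE)):
        print(name, response_status(doc), "->", decide(doc))
```

The design point is the order of checks: the status is inspected before anything looks for an Assertion, so the "role missing" case never reaches the session-creation path, and the SP decides what the user sees. In practice this logic lives inside whatever SAML library the SP uses, and the only thing to configure is where its "response not successful" callback sends the user.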
jlrodriguez (Contributor)

Re: SP Initiated SAML and Authorization rule

edmaa;2500209 wrote:
> You can, but not through an authz rule. You can do it from the dashboard | applications. Select the app and on the right you can add roles that are
> required for a user to have in order to access it. Now the downside of it is, though, that NAM will not throw an access denied page. Instead it'll send a
> SAML token with access denied and it's up to the SP to show an access denied page.

Thanks a lot Edward! It works and has been easier than I thought!

Regards
Jose Luis