
The example below enforces a policy that grants access only to Ohio State faculty or students (the affiliation Rule lists both values separated by whitespace and matches if the user holds either one), excludes a single blacklisted user, and requires that the session's authentication context indicate either a password or a time-synchronized token. All three conditions are joined with AND, so a user who satisfies the affiliation check but authenticated by some other method is still denied.

```xml
<!-- Inside surrounding RequestMap... -->
<Path name="secure">
  <AccessControl>
    <AND>
      <Rule require="affiliation">faculty@osu.edu student@osu.edu</Rule>
      <NOT>
        <Rule require="user">cantor.2@osu.edu</Rule>
      </NOT>
      <OR>
        <Rule require="authnContextClassRef">urn:oasis:names:tc:SAML:2.0:ac:classes:Password</Rule>
        <Rule require="authnContextClassRef">urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken</Rule>
      </OR>
    </AND>
  </AccessControl>
</Path>
```
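To make the AND/NOT/OR semantics concrete, here is a small evaluator, added for this page and not part of the Shibboleth SP code base, that parses an AccessControl fragment and decides it against constructed sessions. It assumes the default whitespace-split matching of Rule values and models `user` and `authnContextClassRef` as ordinary session attributes; the session dictionaries and user names are made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed copy of the page's policy (Path/RequestMap wrapper omitted).
POLICY_XML = """<AccessControl>
  <AND>
    <Rule require="affiliation">faculty@osu.edu student@osu.edu</Rule>
    <NOT>
      <Rule require="user">cantor.2@osu.edu</Rule>
    </NOT>
    <OR>
      <Rule require="authnContextClassRef">urn:oasis:names:tc:SAML:2.0:ac:classes:Password</Rule>
      <Rule require="authnContextClassRef">urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken</Rule>
    </OR>
  </AND>
</AccessControl>"""

PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
TOKEN = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"
KERBEROS = "urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"


def evaluate(node, session):
    """Recursively evaluate an AccessControl element against a session.

    `session` maps attribute names to lists of values (assumption of this
    example: `user` and `authnContextClassRef` are exposed the same way).
    """
    tag = node.tag
    if tag == "AccessControl":
        children = list(node)
        if len(children) != 1:
            raise ValueError("AccessControl must wrap exactly one operator or Rule")
        return evaluate(children[0], session)
    if tag == "AND":
        return all(evaluate(child, session) for child in node)
    if tag == "OR":
        return any(evaluate(child, session) for child in node)
    if tag == "NOT":
        children = list(node)
        if len(children) != 1:
            raise ValueError("NOT must wrap exactly one child")
        return not evaluate(children[0], session)
    if tag == "Rule":
        attr = node.get("require")
        # Default behaviour assumed here: the Rule body is split on whitespace
        # and matches if ANY of the user's values equals ANY listed value.
        wanted = set((node.text or "").split())
        have = set(session.get(attr, []))
        return bool(wanted & have)
    raise ValueError(f"unsupported element <{tag}>")


def decide(policy_xml, session):
    """Parse the policy and return True if the session is granted access."""
    return evaluate(ET.fromstring(policy_xml), session)


def make_session(user, affiliations, authn_ctx):
    """Build a constructed session for the examples below."""
    return {
        "user": [user],
        "affiliation": list(affiliations),
        "authnContextClassRef": [authn_ctx],
    }


# Constructed cases covering the grant path and each denial branch.
CASES = {
    "faculty_password": make_session("jdoe@osu.edu", ["faculty@osu.edu"], PASSWORD),
    "student_token": make_session("asmith@osu.edu", ["student@osu.edu"], TOKEN),
    "blacklisted_faculty": make_session("cantor.2@osu.edu", ["faculty@osu.edu"], PASSWORD),
    "staff_password": make_session("bjones@osu.edu", ["staff@osu.edu"], PASSWORD),
    "faculty_kerberos": make_session("jdoe@osu.edu", ["faculty@osu.edu"], KERBEROS),
    "no_affiliation": make_session("jdoe@osu.edu", [], PASSWORD),
}


def run_all():
    """Decide every constructed case; returns a name -> bool mapping."""
    return {name: decide(POLICY_XML, sess) for name, sess in CASES.items()}


if __name__ == "__main__":
    for name, granted in run_all().items():
        print(f"{name:22s} {'ALLOW' if granted else 'DENY'}")
```

The multi-valued affiliation case is the one people most often get wrong: a user whose affiliation attribute carries both `staff@osu.edu` and `faculty@osu.edu` still matches the first Rule, because a Rule succeeds on any overlap between the user's values and the listed values.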