Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The first site will be given the host name

Roles based Authentication


The way in which Roles base Authentication works in IIS means that a valid REMOTE_USER must be specified. This allows the plugin to provide a Principal which hcan be interrogated for roles.

Every SP-authenticated principal will be given the role ShibUser.  Additionally the attributes 'ePa' and 'ePsa' will be queried and their values used as roles.  Hence if a user logged in via the SP and the following attributes were provided