...

This authentication handler supports "authenticating" users based on their IP Address.

...

Define the

...

Login Handler

This login handler is defined in the handler.xml configuration file in the following manner:

...

with the element <LoginHandler xsi:type="IPAddress"> with the following required attribute:

  • username - the username used for all authenticated users

and the following optional attributes:

  • defaultDeny - boolean flag that indicates whether to accept or deny by default; default: false
  • authenticationDuration - length of time in minutes that the authentication method associated with this login handler is active; default: 30 minutes

Additionally, the login handler must contain one or more of the following elements:

  • <AuthenticationMethod> - element whose content is the authentication method(s) serviced by the login handler.
  • <IPEntry> - IP addresses and ranges to allow (if defaultDeny is true) or deny (if defaultDeny is false), in CIDR notation

Example IPAddress Authentication Handler Configuration

<LoginHandler xsi:type="IPAddress" username="ip-user" defaultDeny="true">
    <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol</AuthenticationMethod>
    <IPEntry>192.168.0.0/16</IPEntry>
</LoginHandler>
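
The defaultDeny flag changes whether the IPEntry list is read as an allow list or a deny list, so the same entries can admit opposite sets of clients. The following is an added example, not Shibboleth code: it models the semantics exactly as described above so a configuration can be checked before deployment. The function names load_handler and authenticated_as are hypothetical, and the sample declares the xsi namespace (and assumes no default namespace) so the fragment parses on its own.

```python
import ipaddress
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the page's example with the xsi namespace declared so it
# parses stand-alone (assumption: the fragment carries no default namespace).
ALLOW_LIST = """<LoginHandler xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:type="IPAddress" username="ip-user" defaultDeny="true">
  <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol</AuthenticationMethod>
  <IPEntry>192.168.0.0/16</IPEntry>
</LoginHandler>"""
# Constructed variant: same entries with defaultDeny omitted (default: false).
DENY_LIST = ALLOW_LIST.replace(' defaultDeny="true"', "")


def load_handler(xml_text):
    """Return (username, default_deny, networks) for an IPAddress login handler."""
    root = ET.fromstring(xml_text)
    if root.attrib.get(XSI_TYPE, "").split(":")[-1] != "IPAddress":
        raise ValueError("not an IPAddress login handler")
    username = root.attrib["username"]  # required attribute
    default_deny = root.attrib.get("defaultDeny", "false").strip().lower() in ("true", "1")
    # This example's choice: strict=True rejects entries with host bits set.
    nets = [ipaddress.ip_network(e.text.strip(), strict=True) for e in root.iter("IPEntry")]
    if not nets:
        raise ValueError("at least one IPEntry is required")
    return username, default_deny, nets


def authenticated_as(xml_text, client_ip):
    """Return the username the client would receive, or None if rejected."""
    username, default_deny, nets = load_handler(xml_text)
    addr = ipaddress.ip_address(client_ip)
    # An IPv4 address is never contained in an IPv6 network, and vice versa.
    listed = any(addr in net for net in nets)
    # defaultDeny=true: entries are an allow list; false: entries are a deny list.
    allowed = listed if default_deny else not listed
    return username if allowed else None


if __name__ == "__main__":
    for label, cfg in (("defaultDeny=true", ALLOW_LIST), ("defaultDeny omitted", DENY_LIST)):
        for ip in ("192.168.10.20", "203.0.113.7"):
            print(f"{label:20} {ip:15} -> {authenticated_as(cfg, ip)}")
```

With defaultDeny omitted, the 192.168.0.0/16 entry becomes a deny rule and every other address is authenticated as ip-user, so a handler intended as an allow list should set defaultDeny="true" explicitly.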

...