This authentication handler supports "authenticating" users based on their IP address.
This login handler is defined with the element <LoginHandler xsi:type="IPAddress">
with the following required attribute:
and the following optional attributes:
Additionally the login handler must contain one or more of the following elements:
- <AuthenticationMethod> - element whose content is the authentication method(s) serviced by the login handler.
- <IPEntry> - IP addresses and ranges to allow (if defaultDeny is true) or deny (if defaultDeny is false), in CIDR notation.

<LoginHandler xsi:type="IPAddress" username="ip-user" defaultDeny="true">
    <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol</AuthenticationMethod>
    <IPEntry>192.168.0.0/16</IPEntry>
</LoginHandler>
The above example will allow anyone with an IP address between 192.168.0.0 and 192.168.255.255 to be authenticated as the user ip-user.
An IP CIDR Calculator may help in calculating the CIDR notation for an IP range.
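
The allow/deny rule described above, modelled in Python as an added example (this is not Shibboleth's own code). The xmlns:xsi declaration in the sample, the function names, and the rejection of entries with host bits set are assumptions of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the page's example plus the xmlns:xsi declaration
# that a standalone XML parser needs to accept the xsi:type attribute.
SAMPLE = """<LoginHandler xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:type="IPAddress" username="ip-user" defaultDeny="true">
  <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol</AuthenticationMethod>
  <IPEntry>192.168.0.0/16</IPEntry>
</LoginHandler>"""


def local(tag):
    """Strip any '{namespace}' prefix ElementTree puts on a tag name."""
    return tag.rsplit("}", 1)[-1]


def load_handler(xml_text):
    """Return (username, default_deny, networks) from a LoginHandler element."""
    root = ET.fromstring(xml_text)
    # defaultDeny is read explicitly (KeyError if absent); the page does not
    # state what value applies when the attribute is omitted.
    default_deny = root.attrib["defaultDeny"].strip().lower() == "true"
    # strict=True makes this checker reject entries with host bits set,
    # e.g. 192.168.1.5/16, which usually indicate a typo in the range.
    networks = [ipaddress.ip_network(e.text.strip(), strict=True)
                for e in root if local(e.tag) == "IPEntry"]
    return root.get("username"), default_deny, networks


def authenticate(xml_text, client_ip):
    """Return the username the client would be authenticated as, or None."""
    username, default_deny, networks = load_handler(xml_text)
    addr = ipaddress.ip_address(client_ip)
    listed = any(addr in net for net in networks)
    # defaultDeny=true: the entries are an allow list.
    # defaultDeny=false: the entries are a deny list.
    allowed = listed if default_deny else not listed
    return username if allowed else None


if __name__ == "__main__":
    for ip in ("192.168.0.0", "192.168.255.255", "192.169.0.1"):
        print(ip, "->", authenticate(SAMPLE, ip))
```

With the same IPEntry and defaultDeny set to false, every address outside 192.168.0.0/16 is authenticated as ip-user, so the attribute value deserves a second look in any configuration review.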