Configuring the IdP for IP Authentication
This authentication handler supports "authenticating" users based on their IP address.
Define the Login Handler
This login handler is defined with the element <LoginHandler xsi:type="IPAddress"> with the following required attribute:
- username - the username used for authenticated users
and the following optional attributes:
- defaultDeny - boolean flag that indicates whether to accept or reject specified IP addresses; default: false
- authenticationDuration - length of time in minutes that the authentication method associated with this login handler is active; default: 30 minutes
Additionally, the login handler must contain one or more of the following elements:
- <AuthenticationMethod> - element whose content is the authentication method(s) serviced by the login handler.
- <IPEntry> - IP addresses and ranges to allow (if defaultDeny is true) or deny (if defaultDeny is false), in CIDR notation
<LoginHandler xsi:type="IPAddress" username="ip-user" defaultDeny="true">
The above example will allow anyone with an IP address between 192.168.255.255 to be authenticated as the user ip-user.
An IP CIDR Calculator may help in calculating the CIDR notation for an IP range.
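Added example, not part of the original page or of the IdP's own code: a Python check that reads an IPAddress login handler element and reports which client addresses it would authenticate, following the defaultDeny and IPEntry rules stated above. The sample configuration, its address ranges and the function names are constructed for illustration; note that with defaultDeny left at its default of false, every address not listed is authenticated as the configured username.

```python
import ipaddress
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample (documentation address ranges; not taken from the page).
SAMPLE = """
<LoginHandler xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:type="IPAddress" username="ip-user" defaultDeny="true">
    <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol</AuthenticationMethod>
    <IPEntry>192.0.2.0/24</IPEntry>
    <IPEntry>2001:db8::/32</IPEntry>
</LoginHandler>
"""

def _local(tag):
    """Element name without its XML namespace."""
    return tag.rsplit("}", 1)[-1]

def load_handler(xml_text):
    """Return (username, default_deny, networks) for an IPAddress login handler."""
    root = ET.fromstring(xml_text)
    if _local(root.tag) != "LoginHandler" or root.get(XSI_TYPE, "").split(":")[-1] != "IPAddress":
        raise ValueError("not an IPAddress login handler")
    username = root.get("username")
    if not username:
        raise ValueError("username is a required attribute")
    # defaultDeny is optional and defaults to false.
    default_deny = root.get("defaultDeny", "false").strip().lower() in ("true", "1")
    # strict=False masks host bits instead of rejecting the entry (this script's choice).
    networks = [ipaddress.ip_network((e.text or "").strip(), strict=False)
                for e in root if _local(e.tag) == "IPEntry"]
    return username, default_deny, networks

def authenticate(client_ip, handler):
    """Username the handler would assert for client_ip, or None if rejected."""
    username, default_deny, networks = handler
    addr = ipaddress.ip_address(client_ip)
    listed = any(addr.version == n.version and addr in n for n in networks)
    # defaultDeny=true: entries are the allow list; false: entries are the deny list.
    allowed = listed if default_deny else not listed
    return username if allowed else None

if __name__ == "__main__":
    handler = load_handler(SAMPLE)
    for ip in ("192.0.2.77", "198.51.100.9", "2001:db8::1"):
        print(ip, "->", authenticate(ip, handler))
```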