I work at a University. At the moment we are using Access Manager as an
Identity Provider for 2 external Shibboleth service providers.
Fortunately, the default contract is appropriate for these services.
The default contract is the username "Name/Password - Form". (However, I
have no idea how to change this other than to make another contract the
default). What I am trying to work out is this - how would I set up
authentication for another external Shibboleth service provider that,
say, allowed only certain types of user (for example, Alumni students) to
authenticate? My thinking is I might (theoretically) be able to write a
contract based on the "Name/Password - Form" but which also tested if
the user was an Alumni student. But then how would I associate this
contract with the specific SP, other than by making it the default,
which would then cause it to be used by all the other SPs? Is there
something in the SAML2 request that specifies which contract to use?
Can anyone enlighten me? Is there a better way of doing this? Access
Manager seems a bit inflexible to me, but then, I guess there are ways
of doing things, if you know how.
