By: matt dillenkoffer user 29 Jan 2016 at 1:37 p.m. CST

1 Response

It seems that when you put a user in the Gluu LDAP that user can be redirected by any registered client to Gluu for authentication and subsequently be given access to that client. My question is how would you put users in groups and say people in group A have access to clients 1, 2 and 3 but people in group B have access to clients 4, 5 and 6?

None

closed

By Michael Schwartz Account Admin 29 Jan 2016 at 2:41 p.m. CST

Copy

Its up to the RP to decide what content to display to the person. One strategy can be to filter based on a user claim. Take a look at [mod_auth_oidc](https://github.com/pingidentity/mod_auth_openidc) ... how they use the `Require claim` syntax. Also, although you have SSO across all the websites, remember that the scopes released to each client could be different.

You need to Login in order to post an answer

User client relationship question

By: matt dillenkoffer user 29 Jan 2016 at 1:37 p.m. CST

Answers

By Michael Schwartz Account Admin 29 Jan 2016 at 2:41 p.m. CST

Post an answer