Comment: Published by Scroll Versions from space IDS and version 8.2.0

...

  1. Log on to the SSO Management application with administrative privileges.
  2. Locate workflow.policy by navigating to eIDM Services and selecting Authorization.
  3. Click the Add button, navigate to eIDM Groups, choose the PendingTupasUsers group and click Ok.
  4. Specify a descriptive name for the new attribute, e.g. setNameID.
  5. Click Show values and enter the same nameID expression as earlier, omitting the label.

 

Listing 7. Authorization policy setNameID() attribute's example value
${nameID.format('hetu').nameQualifier ('tupas.group').spNameQualifier('tupas.group').spProvidedID(method.CUSTID).value(method.CUSTID)}

...

Listing 21. UDF configuration keys in protection.properties
protection.1.methods = password.2, tupas.test.1
protection.1.sso.template = udf
protection.1.continue = https://cid.example.com/eidm2/wf/register/udf
protection.1.customeriduseronly = false 

Preventing Disabled Users From Logging In Using User Driven Federation

If a user has an existing authentication method linkage that was created using user driven federation, that user can by default still use that method to access applications even if the user is later disabled. To prevent this, modify the authorization policy for the application in Ubisecure SSO Management. Here is an example of an authorization policy attribute value definition:

    • ${eidm['user:status'].contains('1') ? 'true' : null}


In this example the attribute has been named 'enabled'.

Then you need to add the same attribute to the list of required attributes.


In this example the 'enabled' attribute has been added to the list of required attributes.
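
The two steps above only work together: the attribute expression alone does not block a disabled user, because access is refused only when a required attribute is missing. The following Python model is an added example, not Ubisecure code, and shows that interaction. The function names, the sample users and the status value '2' are constructed for illustration, and the model assumes that a null expression result means the attribute is not released and that a missing user:status is treated like a disabled account.

```python
# Simplified model (an assumption, not Ubisecure SSO code) of how an
# authorization policy attribute combines with the required-attributes list.

def enabled_attribute(eidm):
    """Mirror of ${eidm['user:status'].contains('1') ? 'true' : null}."""
    status_values = eidm.get("user:status", [])
    return "true" if "1" in status_values else None


def build_attributes(eidm, policy):
    """Evaluate each policy attribute; a null (None) result is not released."""
    released = {}
    for name, expression in policy.items():
        value = expression(eidm)
        if value is not None:
            released[name] = value
    return released


def authorize(eidm, policy, required):
    """Grant access only if every required attribute was released."""
    released = build_attributes(eidm, policy)
    missing = [name for name in required if name not in released]
    return (not missing, missing)


# Policy with the single attribute named 'enabled', as in the text.
POLICY = {"enabled": enabled_attribute}

# Constructed sample users; each is assumed to hold a UDF-created method linkage.
ACTIVE_USER = {"user:status": ["1"]}
DISABLED_USER = {"user:status": ["2"]}  # constructed: any value other than '1'
NO_STATUS_USER = {}                      # status attribute absent

if __name__ == "__main__":
    users = [("active", ACTIVE_USER), ("disabled", DISABLED_USER),
             ("no status", NO_STATUS_USER)]
    for required in ([], ["enabled"]):
        for label, user in users:
            granted, missing = authorize(user, POLICY, required)
            print(f"required={required!s:12} user={label:9} "
                  f"granted={granted} missing={missing}")
```

With an empty required list the disabled user is still granted access, which is the default behaviour the section describes; adding 'enabled' to the required list is what closes it.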