[Fim4l] Federated access - Walk-In
Peter Schober
peter.schober at univie.ac.at
Tue Feb 25 15:58:19 CET 2020
* Rhys Smith <Rhys.Smith at jisc.ac.uk> [2020-02-25 12:20]:
> The eduPersonScopedAffiliation attribute has a value to cover this already - “library-walk-in”
>
> How that might work in practice is that the library could give those
> users who visit an account that asserts that particular
> attribute/value, or if you have open access workstations, configure
> the SAML IdP to automatically authenticate that IP address as a
> particular shared user that asserts that particular
> attribute/value.
What Rhys said.
A complete technical write-up of doing the latter with the Shibboleth
can be found here:
https://wiki.univie.ac.at/display/federation/IP-Authentication
While you may not be interested in some of the implementation details
there's also a bit of text on the principle and its limitations, e.g.:
> All subjects mapped to a given "user" will apear as one
>
> For the reason given above (subjects who don't authenticate with
> personal credentials at the IDP cannot reliably be identified by the
> IDP merely based on an IP address) the IDP cannot assert identities
> that differ (or rather: remain unchanged) per subject, as it has no
> way of knowing whether a given IP address still represents the same
> subject as moments before.
HTH,
-peter
More information about the FIM4L
mailing list