Configuring the IdP for IP Authentication
This authentication handler supports "authenticating" users based on their IP Address.
Define the Login Handler
This login handler is defined with the element
<LoginHandler xsi:type="IPAddress"> with the following required attribute:
- username - the username used for authenticated users
and the following optional attributes:
- defaultDeny - boolean flag that indicated whether to accept or reject specified IP addresses; default: false
- authenticationDuration - length of time in minutes that the authentication method associated with this login handler is active; default: 30 minutes
Additionally the login handler must contain one or more of the following elements
<AuthenticationMethod>- element whose content is the authentication method(s) serviced by the login handler.
<IPEntry>- IP addresses and ranges to allow (if
defaultDenyis true) or deny (if
defaultDenyis false), in CIDR notation
The above example will allow anyone with an IP address between
192.168.255.255 to be authenticated as the user ip-user
An IP CIDR Calculator may help in calculating the CIDR notation for an IP range.