Opened 5 years ago
Support for more complex satisfy configurations
|Reported by:||ahutchings||Owned by:|
It would be nice to have more complex satisfy directives so that we can do more complex AuthN and AuthZ combinations. An example from RedHat of the pseudo configuration would look like:
( authenticate via Kerberos *and* authorize with different module against FreeIPA ) or ( authenticate via SAML *and* (authorize with different module against FreeIPA or authorize based on static list of groups )) or allow access from domain .internal.example.com
At the moment this would require an external daemon to handle the auth.