Attribute Based Access Control (ABAC) | WP SAML 2.0 Authentication

Attribute Based Redirection/Restriction

miniOrange Attribute Based Redirection plugin can be used to restrict and redirect users to different URL's based on SAML attributes

miniOrange Attribute Based Redirection/Restriction plugin can be used to restrict and redirect users to different URL's based on SAML attributes

Key Features

Restricts users on the bases of attributes in the SAML response, after login

You can define custom rules for Attribute based redirection and restriction

Redirection to custom page for the restricted users, after login

Highly compatible along with our WordPress SAML SSO 2.0 Plugin

Redirect users to different URL based on the attributes in the SAML response, after login

The redirection also works with attributes that are stored in some custom WordPress table instead of usermeta

$99

attribute_based_redirection_bullet Attribute Based Redirection:

miniOrange Attribute Based Login provides redirection to different pages after login, based on the user’s attributes stored in the
usermeta table of WordPress.
We can also provide redirection based on the user’s attributes which exist in some other table of WordPress.
Let’s say you want users with the attribute userType as Student to get redirected to https://www.miniorange.com/student after login.
And you want the users with the attribute userType as Staff to get redirected to https://www.miniorange.com/staff after login.
Then you can provide the following mapping under Attribute Based Redirection section.

Now, if any user is having the userType meta key value as Student or Staff, will be redirected to the corresponding configured URL after login.
Regex to Match: You can also provide a regular expression for the attribute value. If the logging in user satisfies the mapped regex, they will be redirected to the configured URL after logging in.

attribute_based_restriction_bullet Attribute Based Restriction:

miniOrange Attribute Based Login provides login restriction based on the user’s attributes sent by the Identity Provider.
Let’s say you only want the users having userType as Contributor and MemberTypeCode as 25, 26, 40, 41 or 45 to be able to login. Then you can provide the following mapping under Attribute Based Restriction section.

NOTE: You can provide semicolon separated values in case of multiple attribute values. In this case, the rule will behave like the OR condition, that is, if the attribute sent by the IDP has any of the semicolons separated values, the user will be allowed to log in.
Now, any user trying to login with the above set of attributes will be allowed to log in. But if they don’t have the above set of attributes, they will be redirected to a page configured in the Restricted user redirect URL section of the plugin.
Multi-valued Attributes: You can provide rules with duplicate attribute name. In this case, it will behave like the AND condition.

As per the above configuration, a user will be allowed to login only if the userType attribute sent by the IdP for that user has the values contributor and editor.

recommended_bullet Recommended plugin

Download the miniOrange SAML SP SSO plugin for redirecting/restricting your WordPress site's users based on SAML Attributes:

We offer Security Solutions of Single Sign-On, Two Factor Authentication, Fraud Prevention, and much more.

Please call us at +1978 658 9387 (US), +91 77966 99612 (India), or email us at samlsupport@xecurify.com