Shib IdP 2.3.5 + ECP

Halm Reusser halm.reusser at switch.ch
Wed Nov 23 10:41:50 GMT 2011


Hi Scott,

On 23.11.11 00:08, Cantor, Scott wrote:
> I doubt it, but that's up to Java, not us. You can also just change
> the mappings to use some other path for that one handler.

Thank you for your hints. I talked with Liam about this off-list.

As far as I know, you can't do something like a url-pattern blacklist.

I /might/ solve it in uApprove. Meaning skip the filter of some
(defined) endpoints. But I think, I would have to use URLs, binding URIs
wouldn't be sufficient.

But I will ask the question what should be the "right" behavior of
uApprove. What do you expect what should happen in a ECP
authentication if the user doesn't approved the ToU and/or doesn't give
consent to attribute release?

Are the ECP requests comparable to "isPassive" requests?

-Halm


More information about the users mailing list