AttributeScopeMatchesShibMDScope
Kristof Bajnok
bajnokk at niif.hu
Thu Oct 27 13:02:42 BST 2011
Hi,
what's the intention, should AttributeScopeMatchesShibMDScope evaluate
to true when there is no shibmd:Scope extension in the
IdPSSODescriptor's metadata? According to one of our recent issues, if
the other party (mis?)places the Scope element into the
EntityDescriptor, it seems to evaluate to false. If I remember
correctly, it was the same when there was no Scope element.
I would think that default SP configuration shouldn't require the
proprietary metadata extensions favouring interoperability. It's the
role of the federation to mandate the use of Scopes. However, I accept
that there are valid reasons for enforcing the scopes from software.
Anyway, it'd be great if this rule would be documented in the wiki.
Kristof
More information about the users
mailing list