AW: Release different value for affiliation based on service provider
Christopher Bongaarts
cab at umn.edu
Wed Nov 14 14:30:05 EST 2012
On 11/14/2012 1:20 PM, Baron Fujimoto wrote:
> Yes, that's probably a better solution for what the original poster wanted.
> In our specific case, we're mapping the (student, faculty, staff) values
> to an attribute value "member". Sometimes we might want student mapped to
> member, and sometimes not. Is there a way we could do that in the filter alone?
Yes:
- Add "member" if any qualifying values are set.
- Release "member" to a particular SP if its requirements are met.
The AttributeValueString and AttributeValueRegex filter rules are handy
for this case. See examples in the "Deny on FERPA suppression" and "AND
plus Nested OR" on:
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAddAttributeFilterExamples
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
More information about the users
mailing list