Passing application context from IdP back to SP
Cantor, Scott
cantor.2 at osu.edu
Tue Nov 27 22:41:49 EST 2012
On 11/27/12 10:27 PM, "Andrei Remenchuk" <andrei144 at gmail.com> wrote:
>It wasn't obvious from the documentation that overriding IdP is possible
>in Apache conf.
The page on overrides tries to say that discovery isn't a use case that
requires them.
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplicationOve
rride
See "Here are some use cases that usually do NOT require an additional
application be defined:"
>By "support" I meant ability to route visitors to different IDPs
>depending on which resource they're trying to access, and possibly apply
>different attribute filtering and access policies. Resource-specific
>settings answer that so far.
They do the first part and they can do access policies, but not filtering,
but normally one filtering policy can contain rules for different IdPs
anyway.
-- Scott
More information about the users
mailing list