passing eduPersonScopedAffiliation question.

Mike Flynn shibbolethlynda at yahoo.com
Thu Sep 27 11:26:56 EDT 2012


They supply their metadata to me via a URL: https://idpstarid.mnscu.edu/idp/profile/Metadata/SAML

Is there a simple change I can ask them to do on their side to fix this?


________________________________
 From: "Cantor, Scott" <cantor.2 at osu.edu>
To: Shib Users <users at shibboleth.net> 
Sent: Thursday, September 27, 2012 8:11 AM
Subject: Re: passing eduPersonScopedAffiliation question.
 
On 9/27/12 10:55 AM, "Mike Flynn" <shibbolethlynda at yahoo.com> wrote:
>
>I am indeed federating one on one.  What kind of filter rule would I need
>to define for this?

It depends how you're managing their metadata.

If you're hand-crafting it, you could add the Scope extension to their
metadata (see plenty of examples in various federation metadata files).

If not and you want to keep the rule serparate, you'd need to go add new
filtering policy rules to your file to explicitly allow that scope for
this one issuer. I think you'd also have to turn off the scope filtering
from the metadata for that issuer or it would just trump the new rule.
It's a lot of tinkering.

-- Scott


--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120927/97d44809/attachment.html 


More information about the users mailing list