AttributeFilters to prevent specific users to use an SP?
cantor.2 at osu.edu
Tue Feb 26 14:33:54 EST 2013
On 2/26/13 1:54 PM, "Kanuch, Andrew" <Andy.Kanuch at sdstate.edu> wrote:
>Is it possible to use an Attribute Filter policy to a prevent a subset of
>users from being able to pass attributes to a Specific Service provider?
Yes, though probably not great from a user experience point of view in
practice of course.
>I¹ve attempted to do this using some AND and NOT rules, but I don¹t
>think the Policy Requirement Rule likes having those nested because it
>breaks the 1 Rule Only rule for PolicyRequirementRule (Copy of policy
The NOT rule is limited to one child, but AND isn't.
More information about the users