AttributeFilters to prevent specific users to use an SP?

Christopher Bongaarts cab at
Thu Feb 28 12:38:31 EST 2013

On 2/26/2013 12:54 PM, Kanuch, Andrew wrote:
> Is it possible to use an Attribute Filter policy to a prevent a subset
> of users from being able to pass attributes to a Specific Service provider?
> For example:  A filter policy that allows passes user attributes
> (eduPersonAffiliation, givenName, EPPN, description) to the SP
>,  **unless** the user account has the value of “Student”
> in their LDAP(AD) account description field.

I just added an example to the wiki that shows how you can do this:

%%  Christopher A. Bongaarts   %%  cab at          %%
%%  OIT - Identity Management  %%  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%

More information about the users mailing list