NOT release rule to set of SPs

Nate Klingenstein ndk at internet2.edu
Fri Jul 12 00:24:45 EDT 2013


Yi,

Try wrapping a NOT rule around an OR rule, which itself still needs to be wrapped around the actual rules enumerating the entityIDs you want to exclude.

Thanks,
Nate.

On Jul 12, 2013, at 3:55 , Qian, Yi wrote:

> Hello
> 
> I have a release rule to release the transient ID to every SP, and we are setting up several SP sandboxes, which require not releasing the transient ID:
> <afp:AttributeFilterPolicy id="releaseTransientIdToAnyone">
> 
> <afp:PolicyRequirementRule xsi:type="basic:NOT">
> <basic:Rule xsi:type="basic:AttributeRequesterString"
> value="sandbox 1 SP entity ID" />
> <basic:Rule xsi:type="basic:AttributeRequesterString"
> value="sandbox 2 SP entity ID" />
> </afp:PolicyRequirementRule>
> 
> <afp:AttributeRule attributeID="TransientId">
> <afp:PermitValueRule xsi:type="basic:ANY" />
> </afp:AttributeRule>
> 
> </afp:AttributeFilterPolicy>
> 
> But it is not working. The IdP startup complains about the rule. If I leave only one SP in the basic rule, it works.
> 
> I tried several different ways (with AND, NOT for every SP); none of them works. Apparently my Google skills are not good either; the Google results did not really help.
> 
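The nesting described in the reply, written out as an added example that is not part of the original thread: `basic:NOT` takes a single child rule, so the sandbox entityIDs are listed inside one `basic:OR`, and the NOT negates that OR as a whole. The policy id, attribute ID, namespace prefixes and placeholder entityID values are those of the quoted snippet; the enclosing filter file with its namespace declarations is assumed.

```xml
<afp:AttributeFilterPolicy id="releaseTransientIdToAnyone">

    <!-- Policy applies to every requester EXCEPT those matched by the OR below -->
    <afp:PolicyRequirementRule xsi:type="basic:NOT">

        <!-- NOT accepts exactly one child rule, so group the exclusions in an OR -->
        <basic:Rule xsi:type="basic:OR">
            <!-- One AttributeRequesterString rule per SP entityID to exclude
                 (values are the placeholders from the quoted message) -->
            <basic:Rule xsi:type="basic:AttributeRequesterString"
                        value="sandbox 1 SP entity ID" />
            <basic:Rule xsi:type="basic:AttributeRequesterString"
                        value="sandbox 2 SP entity ID" />
        </basic:Rule>

    </afp:PolicyRequirementRule>

    <!-- Released to every SP that passed the requirement rule above -->
    <afp:AttributeRule attributeID="TransientId">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>

</afp:AttributeFilterPolicy>
```

After reloading the filter, check the IdP log for the sandbox SPs to confirm the policy is reported as not active for those requesters, and verify that no other policy in the file releases the same attribute to them.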



