NOT release rule to set of SPs

Peter Schober peter.schober at univie.ac.at
Fri Jul 12 04:18:57 EDT 2013


* Peter Schober <peter.schober at univie.ac.at> [2013-07-12 09:40]:
> * Qian, Yi <yqian at ku.edu> [2013-07-12 05:56]:
> > I tried several different ways, (with AND, NOT for every SP), none
> > of them works. Apparently my google skill is not good either, the
> > results of google did not really help
> 
> The documentation states that NOT can only contain one Rule element:
> https://wiki.shibboleth.net/confluence/display/SHIB2/IdPFilterRequirementNOT
> 
> Directly combining several basic:AttributeRequesterString type rules
> with AND will never match as there will only ever be one requestor in
> the authN request.

I misunderstood your description above, sorry. Anyway having SPs
combined with OR and wrapped in a final NOT seems much simpler.

If you think there's a bug with certain boolean constructs feel free
to provide examples in the issue tracker for the devs to follow up.
-peter


More information about the users mailing list