SP require attributes

Kevin Foote kpfoote at uoregon.edu
Fri May 2 13:18:20 EDT 2014

On May 2, 2014, at 10:06 AM, Andy Thompson <athompson at mooreheadcomm.com> wrote:

> I'm working on setting up a native SP to authenticate against a native IDP.  In my testing with setting up attribute filters and such I've found that if the IDP doesn't return attributes to the SP, the authentication is still successful and a session is still established successfully.  To protect against mis configuration how can I configure the SP to not establish a session if there are no attributes returned for the authenticating user?

Im assuming IIS here since you use the ‘native” terms here 
You can request more than just valid user in your request map for that location.. 

<Path name=“bla” authType=“shibboleth” requireSession=“true”>
<AccessControl><Rule require=“SOMEATTRIBUTE”>VALUE</Rule></AccessContrtol>

Rusty on the IIS / native stuff but it something like that .. 



More information about the users mailing list