SP require attributes
Kevin Foote
kpfoote at uoregon.edu
Fri May 2 13:18:20 EDT 2014
On May 2, 2014, at 10:06 AM, Andy Thompson <athompson at mooreheadcomm.com> wrote:
> I'm working on setting up a native SP to authenticate against a native IDP. In my testing with setting up attribute filters and such I've found that if the IDP doesn't return attributes to the SP, the authentication is still successful and a session is still established successfully. To protect against misconfiguration how can I configure the SP to not establish a session if there are no attributes returned for the authenticating user?
I'm assuming IIS here since you use the "native" terms here
You can request more than just valid user in your request map for that location..
<Path name="bla" authType="shibboleth" requireSession="true">
  <AccessControl><Rule require="SOMEATTRIBUTE">VALUE</Rule></AccessControl>
</Path>
Rusty on the IIS / native stuff but it's something like that ..
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRequestMapPath
--------
thanks
kevin.foote
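
Added example, not part of the original message or of the Shibboleth project: a small Python check that walks a RequestMap and lists every Host/Path that requires a session but has no AccessControl rule, which is the misconfiguration the question is about. The sample XML, host name and attribute name are constructed, and the script assumes that requireSession and AccessControl set on a parent element also apply to its child paths.

```python
import xml.etree.ElementTree as ET

# Constructed sample RequestMap (not from the original post).
SAMPLE = """<RequestMap xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <Host name="sp.example.org">
    <Path name="open" authType="shibboleth" requireSession="true"/>
    <Path name="staff" authType="shibboleth" requireSession="true">
      <AccessControl><Rule require="affiliation">staff</Rule></AccessControl>
    </Path>
    <Path name="public"/>
  </Host>
</RequestMap>"""

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def has_rule(elem):
    """True if elem has a direct AccessControl child holding a Rule with 'require'."""
    for child in elem:
        if local(child.tag) == "AccessControl":
            # iter() also finds Rules nested inside AND/OR operators.
            return any(local(e.tag) == "Rule" and e.get("require")
                       for e in child.iter())
    return False

def unguarded(xml_text):
    """Return 'host/path' names that require a session but have no attribute rule."""
    findings = []

    def walk(elem, trail, session, guarded):
        if elem.get("name"):
            trail = trail + [elem.get("name")]
        # Assumption: requireSession and AccessControl are inherited from parents.
        flag = elem.get("requireSession")
        if flag is not None:
            session = flag.lower() in ("true", "1")
        guarded = guarded or has_rule(elem)
        if local(elem.tag) in ("Host", "Path") and session and not guarded:
            findings.append("/".join(trail))
        for child in elem:
            if local(child.tag) in ("Host", "Path"):
                walk(child, trail, session, guarded)

    walk(ET.fromstring(xml_text), [], False, False)
    return findings

if __name__ == "__main__":
    for name in unguarded(SAMPLE):
        print("session without attribute rule:", name)
```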