SP require attributes
Andy Thompson
athompson at mooreheadcomm.com
Fri May 2 13:26:18 EDT 2014
>>> On 5/2/2014 at 01:18 PM, in message
<F8255324-4803-46DC-803E-502BE3686B82 at uoregon.edu>, Kevin Foote
<kpfoote at uoregon.edu> wrote:
> On May 2, 2014, at 10:06 AM, Andy Thompson
<athompson at mooreheadcomm.com> wrote:
>
> > I'm working on setting up a native SP to authenticate against a
native IDP.
> In my testing with setting up attribute filters and such I've found
that if
> the IDP doesn't return attributes to the SP, the authentication is
still
> successful and a session is still established successfully. To
protect
> against mis configuration how can I configure the SP to not establish
a
> session if there are no attributes returned for the authenticating
user?
>
>
> Im assuming IIS here since you use the ‘native” terms here
> You can request more than just valid user in your request map for
that
> location..
>
> <Path name=“bla” authType=“shibboleth”
requireSession=“true”>
> <AccessControl><Rule
require=“SOMEATTRIBUTE”>VALUE</Rule></AccessContrtol>
> </Path>
>
> Rusty on the IIS / native stuff but it something like that ..
No sorry for lack of details, wasn't sure what all information you
needed. I'm using apache. I was playing with the require elements at
the apache level but that still allows the session to be established it
just gives an apache access error.
I want it to kick back to the login page or to an error page and not
ever establish a session on the SP at all.
thanks
-andy
More information about the users
mailing list