SP require attributes

Andy Thompson athompson at mooreheadcomm.com
Fri May 2 13:26:18 EDT 2014

>>> On 5/2/2014 at 01:18 PM, in message
<F8255324-4803-46DC-803E-502BE3686B82 at uoregon.edu>, Kevin Foote
<kpfoote at uoregon.edu> wrote: 
> On May 2, 2014, at 10:06 AM, Andy Thompson
<athompson at mooreheadcomm.com> wrote: 
> > I'm working on setting up a native SP to authenticate against a
native IDP.  
>  In my testing with setting up attribute filters and such I've found
that if  
> the IDP doesn't return attributes to the SP, the authentication is
> successful and a session is still established successfully.  To
> against mis configuration how can I configure the SP to not establish
> session if there are no attributes returned for the authenticating
> Im assuming IIS here since you use the ‘native” terms here  
> You can request more than just valid user in your request map for
> location..  
> <Path name=“bla” authType=“shibboleth”
> <AccessControl><Rule
> </Path> 
> Rusty on the IIS / native stuff but it something like that ..  

No sorry for lack of details, wasn't sure what all information you
needed. I'm using apache.  I was playing with the require elements at
the apache level but that still allows the session to be established it
just gives an apache access error.  

I want it to kick back to the login page or to an error page and not
ever establish a session on the SP at all.



More information about the users mailing list