relaxed scoped attribute checking

Peter Schober peter.schober at
Fri May 16 17:30:52 EDT 2014

* Tom Scavo <trscavo at> [2014-05-16 22:01]:
> The wiki documentation is kinda weak (as in nonexistent) in this
> area...Can someone show me how to relax the scoped attribute check at
> the SP for a single IdP only?

The SP's attribute-policy.xml basically has the same rules as the
IDP's attribute filter, so use those docs.
>From a quick look one way to do that would be to change the default
"ScopingRules" PermitValueRule type from AND to OR and 'or' anything
that exists together with another rule like of type
"basic:AttributeIssuerString" and value="".

TIMTOWTDI, of course.

More information about the users mailing list