relaxed scoped attribute checking

Peter Schober peter.schober at univie.ac.at
Fri May 16 17:30:52 EDT 2014


* Tom Scavo <trscavo at gmail.com> [2014-05-16 22:01]:
> The wiki documentation is kinda weak (as in nonexistent) in this
> area... Can someone show me how to relax the scoped attribute check at
> the SP for a single IdP only?

The SP's attribute-policy.xml basically has the same rules as the
IDP's attribute filter, so use those docs.
From a quick look, one way to do that would be to change the default
"ScopingRules" PermitValueRule type from AND to OR and 'or' anything
that exists together with another rule, like one of type
"basic:AttributeIssuerString" and value="https://idp.example.org/entity".

TIMTOWTDI, of course.
-peter
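
The change described in the reply above, written out as an added example (not part of the original post and not the Shibboleth project's own configuration). The contents of the "before" rule are assumed to match the stock attribute-policy.xml, the prefixes afp, basic, saml and xsi are assumed to be declared on the root element as in that file, and the entityID is the placeholder from the reply.

```xml
<!-- Before (assumed stock rule; compare with your own attribute-policy.xml).
     Every value of an attribute that references ScopingRules must pass
     both checks, whichever IdP issued it.

<afp:PermitValueRule id="ScopingRules" xsi:type="basic:AND">
    <basic:Rule xsi:type="basic:NOT">
        <basic:Rule xsi:type="basic:AttributeValueRegex" regex="@"/>
    </basic:Rule>
    <basic:Rule xsi:type="saml:AttributeScopeMatchesShibMDScope"/>
</afp:PermitValueRule>
-->

<!-- After: the outer type becomes OR. The original checks move, unchanged,
     into a nested AND, and a second branch matches on the issuer only. -->
<afp:PermitValueRule id="ScopingRules" xsi:type="basic:OR">

    <!-- Branch 1: the existing scope checks, still applied to every IdP. -->
    <basic:Rule xsi:type="basic:AND">
        <basic:Rule xsi:type="basic:NOT">
            <basic:Rule xsi:type="basic:AttributeValueRegex" regex="@"/>
        </basic:Rule>
        <basic:Rule xsi:type="saml:AttributeScopeMatchesShibMDScope"/>
    </basic:Rule>

    <!-- Branch 2: values issued by this one IdP pass without a scope check.
         The entityID below is the placeholder value from the reply. -->
    <basic:Rule xsi:type="basic:AttributeIssuerString"
                value="https://idp.example.org/entity"/>

</afp:PermitValueRule>
```

Because ScopingRules is a shared rule, the exemption applies to every attribute whose AttributeRule references it, so the named IdP can assert any scope on all of them. Every other IdP is still held to the scopes listed in its metadata.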

