Authorization using shibboleth sso
peter.schober at univie.ac.at
Fri Nov 28 07:40:45 EST 2014
* Surinaidu Majji <pioneer.suri at gmail.com> [2014-11-28 13:30]:
> So Please tell me, how to deal with attribute-resolver.xml to add
> our permissions for authorization.
You add whatever data you (i.e., the SP) needs to perform access
control, same as with any existing attributes.
E.g. if the SP requires a subject to have a specific affiliation, you
add the affiliation attribute definition to your resolver (and either
lookup the info from some system the IDP has access to, or generate
the value in the IDP on-the-fly).
More information about the users