v3 Relying Party Overrides

Marvin Addison marvin.addison at gmail.com
Thu Apr 9 11:24:22 EDT 2015


The relying-party override mechanism in v3 is awesome and I have all sorts
of use cases that I'm trying to implement. Initially I thought that
overrides are applied relative to the default relying party, but quickly
learned they're relative to bean definitions in relying-party-system.xml.
Would it be feasible for overrides to "merge" with default relying party
values? That seems powerful and it would help avoid repetition in some of
my use cases.

Now a question: how do intersecting overrides work? It appears to be a
"first one wins" behavior, but I wanted to clarify. I would prefer a
"merge" behavior in some if not all cases. For example, a relying party "by
group" override could set some federation-wide defaults, while "by name"
overrides could provide one-offs without repeating the defaults for the
entire federation. Make sense?

Thanks,
Marvin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20150409/81ae02bc/attachment.html 


More information about the users mailing list