Intercept Flows and checking raw LDAP attributes
Cantor, Scott
cantor.2 at osu.edu
Mon Aug 3 19:28:59 EDT 2015
On 8/3/15, 7:27 PM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>On 8/3/15, 7:20 PM, "users on behalf of Jeffrey Crawford" <users-bounces at shibboleth.net on behalf of jeffreyc at ucsc.edu> wrote:
>
>>I feel like I'm missing something simple here, I have an interrupt flow that will work based off of the context-check example, however if the SAML attribute eduPersonAffiliation is not released to the SP in question and I'm trying to check against it, I get the following in the logs.
>
>That's just how it was implemented. The next version includes a separately tracked collection of the unfiltered attributes and most of the internal components will then operate on the unfiltered set.
(The workaround until then of course being to generate an IdPAttribute in the resolver but with no AttributeEncoder attached, and it won't ever appear in any assertions whether it's released or not.)
-- Scott
More information about the users
mailing list