Setting up IdP3 to release set of attributes only to CAS users
Jonathan Johnson
jsjohnson at unicon.net
Fri Aug 14 10:29:03 EDT 2015
Thanks for the verification.
One thing to note for posterity: expect collisions if you use a regex for the policy requirement rules on CAS services. It’s very likely that something like `^https://.*\.somegreatuniversity\.edu/.*`, for instance, is going to match some SAML SPs as well. So, depending upon your rules, you could get some unexpected behavior.
Thanks again, and look forward to 3.2.
-Jj
On August 14, 2015 at 08:35:15, Marvin Addison (marvin.addison at gmail.com) wrote:
Marvin, can you verify what version of Shibboleth you are using?
I am using a recent 3.2.0 snapshot.
I remember doing something like this a while back, but when I go to do the same in 3.1.2, the attributes are not returning.
I attempted to reproduce in 3.1.2 and confirmed the behavior you cited, and in the process recalled there was a bug for this that has been fixed for 3.2.0:
https://issues.shibboleth.net/jira/browse/IDP-762
So unfortunately group-based filtering won't work in 3.1.2 as you stated. Using a regex filter like Walter suggested should suffice as an alternative until 3.2.0 is released.
M
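An added example, not part of the original thread or of Shibboleth's own code: a Python check for the collision described in the first message, listing the SAML SPs in a metadata file whose entityID a CAS-intended regex would also match. The metadata and entityIDs are constructed, the function names are hypothetical, and full-string matching is an assumption about how the filter applies the regex.

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Pattern quoted in the message above, written with CAS service URLs in mind.
CAS_POLICY_REGEX = r"^https://.*\.somegreatuniversity\.edu/.*"

# Constructed sample metadata; every entityID here is made up for illustration.
SAMPLE_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://wiki.somegreatuniversity.edu/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://lms.somegreatuniversity.edu/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.vendor.example/saml">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.somegreatuniversity.edu/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def saml_sp_entity_ids(metadata_xml):
    """Return entityIDs of entities that carry an SPSSODescriptor.

    Intended for metadata the IdP already trusts; parse untrusted XML
    with a hardened parser such as defusedxml instead.
    """
    root = ET.fromstring(metadata_xml)
    return [
        entity.get("entityID")
        for entity in root.iter(f"{{{MD_NS}}}EntityDescriptor")
        if entity.find(f"{{{MD_NS}}}SPSSODescriptor") is not None
    ]


def colliding_sps(policy_regex, metadata_xml):
    """SAML SPs whose entityID the CAS-intended regex also matches."""
    pattern = re.compile(policy_regex)
    # Assumption: the filter matches the whole requester ID against the regex.
    return [e for e in saml_sp_entity_ids(metadata_xml) if pattern.fullmatch(e)]


if __name__ == "__main__":
    for entity_id in colliding_sps(CAS_POLICY_REGEX, SAMPLE_METADATA):
        print("regex also matches SAML SP:", entity_id)
```

Any entityID this reports would receive the attributes meant only for CAS services under a regex-based rule.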