idpv3 attribute-resolver + PluginActivationConditions
Rod Widdowson
rdw at steadingsoftware.com
Thu Aug 27 09:13:17 EDT 2015
Answering the technical side only
> Is possible to use ExternalAttributePluginActivationConditions
> (shibboleth.Conditions.RelyingPartyId)
> (https://wiki.shibboleth.net/confluence/display/IDP30/ExternalAttributePlu
> ginActivationConditions)
> with "RelyingPartyByGroup" ?
Yes, but you would need to write the ActivationCondition yourself. Java
would be best but there is also scripted.
Note that you should not look for the EntitiesGroup directly since that may
not be present (for instance if you use the DynamicHttpMetadataResolver),
instead you need to look at the Object Metadata for the entity.
The AttributeRequesterInEntityGroupPolicyRule filter
http://tinyurl.com/ofgme5h shows you how to use it.
> And is it possible to negate ActivationConditions ?
Yes, you can compose (in Spring) com.google.common.base.Predicates.not
<bean id="...."
class="com.google.common.base.Predicates"
factory-method="not"
c:predicate-ref="PredicateToNegate"/>
Rod
More information about the users
mailing list