OneTimeUse
kripp
kripp at compsych.com
Wed Dec 9 10:04:32 EST 2015
Hello, we are using Shibboleth as an SP and we have a new IDP which is
sending us a condition of <ns2:OneTimeUse/>. It appears to be getting
rejected by Shibboleth: "detected a problem with assertion: OneTimeUse
condition not successfully validated by policy". From reading
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPPolicyRule it
looks like any condition that isn't defined in your security-policy.xml will
be denied. "In the absence of this rule, any conditions found will result
in rejection of an assertion." My question is, if I change my
security-policy as below will it affect other IDPs which are not sending
this condition? Or is there a way to allow this condition for only a given
IDP?
Thanks,
Kyle
*Currently*
....
<PolicyRule type="Conditions">
    <PolicyRule type="Audience"/>
</PolicyRule>
...
*After Change*
....
<PolicyRule type="Conditions">
    <PolicyRule type="Audience"/>
    <PolicyRule type="OneTimeUse"/>
</PolicyRule>
...
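
Added example, not part of the original post and not Shibboleth code: a simplified Python model of the wiki rule quoted above, where every condition found in an assertion must be accepted by a configured sub-rule, run against the "Currently" and "After Change" rule sets. The replay-cache check for OneTimeUse follows the SAML 2.0 core description of that condition and is an assumption about how a sub-rule would enforce it; the entityID, assertion IDs and helper names are constructed.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
Q = lambda name: f"{{{NS}}}{name}"

def audience_rule(cond, ctx):
    # Returns None when the condition is not this rule's to judge.
    if cond.tag != Q("AudienceRestriction"):
        return None
    return any((a.text or "").strip() == ctx["sp"] for a in cond.iter(Q("Audience")))

def one_time_use_rule(cond, ctx):
    if cond.tag != Q("OneTimeUse"):
        return None
    if ctx["id"] in ctx["cache"]:       # assertion ID already consumed: replay
        return False
    ctx["cache"].add(ctx["id"])
    return True

def check_conditions(xml_text, rules, sp, cache):
    """Return (accepted, reason); a condition no rule handles causes rejection."""
    root = ET.fromstring(xml_text)
    ctx = {"sp": sp, "id": root.get("ID"), "cache": cache}
    conditions = root.find(Q("Conditions"))
    for cond in ([] if conditions is None else list(conditions)):
        name = cond.tag.split("}")[-1]
        verdict = next((v for v in (r(cond, ctx) for r in rules) if v is not None), None)
        if verdict is None:
            return False, f"{name} condition not handled by any configured rule"
        if not verdict:
            return False, f"{name} condition failed"
    return True, "ok"

def make_assertion(assertion_id, audience, one_time_use):
    # Constructed sample input: a bare assertion carrying only its Conditions.
    otu = "<OneTimeUse/>" if one_time_use else ""
    return (f'<Assertion xmlns="{NS}" ID="{assertion_id}"><Conditions>'
            f"<AudienceRestriction><Audience>{audience}</Audience></AudienceRestriction>"
            f"{otu}</Conditions></Assertion>")

SP = "https://sp.example.org/shibboleth"          # constructed entityID
PLAIN = make_assertion("_a1", SP, False)          # IdP that sends no OneTimeUse
WITH_OTU = make_assertion("_b1", SP, True)        # IdP that sends OneTimeUse
CURRENT = [audience_rule]                         # models the "Currently" policy
AFTER = [audience_rule, one_time_use_rule]        # models the "After Change" policy

if __name__ == "__main__":
    cache = set()
    for label, rules in (("current", CURRENT), ("after change", AFTER)):
        for name in ("PLAIN", "WITH_OTU", "WITH_OTU"):
            print(label, name, check_conditions(globals()[name], rules, SP, cache))
```

In this model the added sub-rule is consulted only when an assertion actually carries the condition; whether the SP's own rule behaves the same way is for the Shibboleth documentation to confirm.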