Brent Putman putmanb at
Thu Dec 10 14:10:10 EST 2015

On 12/10/15 1:47 PM, kripp wrote:
>  I misread the documentation at
>  I
> thought by adding  <PolicyRule type="OneTimeUse"/> it would accept the
> condition,

No, it doesn't say that.  I don't see that anywhere on that page.

>  but it doesn't appear to be working.  Is there any way to add a
> PolicyRule so that this will be taken? 

What the wiki says is you can *ignore* that condition, or any condition
specified by QName, with a PolicyRule child element like:

<PolicyRule type="Ignore">saml2:OneTimeUse</PolicyRule>

Note that the type attrib is "Ignore", not "OneTimeUse".

Ignoring may not be what you want, but that should at least allow the
SP to accept what the IdP is sending.  Maybe that's good enough for
your needs.

>  It doesn't appear the post below was
> ever answered.

Actually it was.  There's 2 responses there from Peter Schober and
Scott Cantor.  Click on "Next Message".  Don't know if there's supposed
to be a "next in thread" link in this mail archive site, but if you
click "Messages sorted by" -> "thread", you'll see them.
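
A simplified model of the behaviour discussed in this message, added here as an example; it is not part of the original e-mail and is not Shibboleth code. It assumes a relying party that rejects any condition it has no handler for, a hypothetical SP entityID, and a constructed Conditions element, and it leaves out the NotBefore/NotOnOrAfter checks.

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
# Assumed prefix map used to resolve the QName text of an Ignore rule.
PREFIXES = {"saml2": SAML2}

# Constructed sample: a Conditions element carrying OneTimeUse.
SAMPLE = f"""<saml2:Conditions xmlns:saml2="{SAML2}"
    NotBefore="2015-12-10T19:00:00Z" NotOnOrAfter="2015-12-10T19:05:00Z">
  <saml2:AudienceRestriction>
    <saml2:Audience>https://sp.example.org/shibboleth</saml2:Audience>
  </saml2:AudienceRestriction>
  <saml2:OneTimeUse/>
</saml2:Conditions>"""


def resolve_qname(text):
    """Turn 'saml2:OneTimeUse' into the '{namespace}local' form ElementTree uses."""
    prefix, _, local = text.strip().partition(":")
    return f"{{{PREFIXES[prefix]}}}{local}"


def check_audience(elem, sp_entity_id):
    """The restriction holds if the SP's entityID is one of the listed audiences."""
    audiences = [a.text.strip() for a in elem.findall(f"{{{SAML2}}}Audience") if a.text]
    return sp_entity_id in audiences


def evaluate_conditions(xml_text, sp_entity_id, ignore=()):
    """Return (accepted, reason). Conditions named in `ignore` are skipped
    by QName; any other condition without a handler causes rejection."""
    ignored = {resolve_qname(q) for q in ignore}
    handlers = {f"{{{SAML2}}}AudienceRestriction": check_audience}
    for cond in ET.fromstring(xml_text):
        if cond.tag in ignored:
            continue  # skipped entirely: nothing about it is enforced
        handler = handlers.get(cond.tag)
        if handler is None:
            return False, f"unhandled condition {cond.tag}"
        if not handler(cond, sp_entity_id):
            return False, f"condition {cond.tag} failed"
    return True, "ok"


if __name__ == "__main__":
    sp = "https://sp.example.org/shibboleth"  # hypothetical entityID
    print(evaluate_conditions(SAMPLE, sp))
    print(evaluate_conditions(SAMPLE, sp, ignore=["saml2:OneTimeUse"]))
```

Ignoring a condition skips it rather than enforcing it, so in this model the single-use restriction the IdP asked for is not applied; the other conditions are still checked.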