Evolving Attribute Release Policies for campuses
cantor.2 at osu.edu
Thu Apr 7 11:24:12 EDT 2016
> Couldn't you get this behavior, though, by setting your attribute filter
> configuration for R&S category SPs to only release if the attribute was
> requested in metadata? And optionally if no requested attributes are in
> metadata for that SP?
Yes, allowing for all the complexities of mapping between SAML attributes and the IdP's attriubutes, but that's not consent/overrideable.
> It wouldn't handle the required/optional piece as I already pointed out, but it
> would at least honor requested attributes.
You can honor isRequired in the filter policy if you want.
More information about the users