Evolving Attribute Release Policies for campuses

Wessel, Keith kwessel at illinois.edu
Thu Apr 7 11:43:26 EDT 2016

Correct: you can do it in the filter policy, but you can't present attributes as required vs. optional on the consent screen, and I thought that's what Steve was asking about.


-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Thursday, April 07, 2016 10:24 AM
To: Shib Users <users at shibboleth.net>
Subject: RE: Evolving Attribute Release Policies for campuses

> Couldn't you get this behavior, though, by setting your attribute filter
> configuration for R&S category SPs to only release if the attribute was
> requested in metadata? And optionally if no requested attributes are in
> metadata for that SP?

Yes, allowing for all the complexities of mapping between SAML attributes and the IdP's attriubutes, but that's not consent/overrideable.

> It wouldn't handle the required/optional piece as I already pointed out, but it
> would at least honor requested attributes.

You can honor isRequired in the filter policy if you want.

-- Scott

To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list