Evolving Attribute Release Policies for campuses
kwessel at illinois.edu
Thu Apr 7 11:43:26 EDT 2016
Correct: you can do it in the filter policy, but you can't present attributes as required vs. optional on the consent screen, and I thought that's what Steve was asking about.
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Thursday, April 07, 2016 10:24 AM
To: Shib Users <users at shibboleth.net>
Subject: RE: Evolving Attribute Release Policies for campuses
> Couldn't you get this behavior, though, by setting your attribute filter
> configuration for R&S category SPs to only release if the attribute was
> requested in metadata? And optionally if no requested attributes are in
> metadata for that SP?
Yes, allowing for all the complexities of mapping between SAML attributes and the IdP's attriubutes, but that's not consent/overrideable.
> It wouldn't handle the required/optional piece as I already pointed out, but it
> would at least honor requested attributes.
You can honor isRequired in the filter policy if you want.
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users