Configuring Attribute Release Consent with SP blacklist
Terry Smith
t.smith at aaf.edu.au
Tue Apr 12 01:50:33 EDT 2016
Hi Gary,
It is possible to suppress the user consent dialog for specific services.
This provides for backwards compatibility with IdPv2's uApprove's
services/services.blacklist settings, which is the behavior you wish to
retain.
The configuration is in the relying-party.xml file and is controlled by
the p:postAuthenticationFlows="attribute-release" which is set in
<bean parent="Shibboleth.SSO"
p:postAuthenticationFlows="attribute-release" /> and
<bean parent="SAML2.SSO" p:postAuthenticationFlows="attribute-release"
/>
So in your relying-party.xml add a RelyingPartyOverrides entry to turn off
attribute-release as follows for each SP where you want to "blacklist" user
consent.
    <util:list id="shibboleth.RelyingPartyOverrides">
        <bean parent="RelyingPartyByName"
              c:relyingPartyIds="#{{'https://a.example.com/shibboleth', 'https://b.example.com/shibboleth'}}">
            <property name="profileConfigurations">
                <list>
                    <!-- No p:postAuthenticationFlows on these profiles, so the
                         attribute-release (consent) flow is not run for the SPs above -->
                    <bean parent="Shibboleth.SSO"/>
                    <bean parent="SAML2.SSO" />
                </list>
            </property>
        </bean>
    </util:list>
You will find an empty RelyingPartyOverrides container at the end of the
default relying-party.xml file.
Thanks,
Terry.
On Tue, Apr 12, 2016 at 2:08 PM, Lipscomb, Gary <glipscomb at csu.edu.au>
wrote:
> We are converting from v2 to v3 and wish to retain the v2 uApprove
> functionality whereby you can provide a blacklist of SP’s to which
> attribute release consent was not required since these are internal SP’s
> whereby consent has already been given by accepting the Universities’ ToU.
>
> Is this possible in v3? I can’t find anything in the wiki.
>
> If not is there a workaround with example code?
>
> Regards
>
> Gary
>
> Charles Sturt University
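
An added example (not part of the original message, and not Shibboleth project code): a small Python audit that reads a relying-party.xml and reports, per SP entityID, which profile configurations under shibboleth.RelyingPartyOverrides omit the attribute-release flow, so the list of consent-exempt SPs can be reviewed. The sample XML is constructed, the function name consent_suppressed is hypothetical, and the check assumes flows are set through the p:postAuthenticationFlows attribute as in the message above.

```python
import re
import xml.etree.ElementTree as ET

NS = {"b": "http://www.springframework.org/schema/beans",
      "util": "http://www.springframework.org/schema/util"}
P_FLOWS = "{http://www.springframework.org/schema/p}postAuthenticationFlows"
C_IDS = "{http://www.springframework.org/schema/c}relyingPartyIds"

# Constructed sample: the override from the message plus one SP that keeps consent for SAML2.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c">
  <util:list id="shibboleth.RelyingPartyOverrides">
    <bean parent="RelyingPartyByName"
          c:relyingPartyIds="#{{'https://a.example.com/shibboleth', 'https://b.example.com/shibboleth'}}">
      <property name="profileConfigurations">
        <list>
          <bean parent="Shibboleth.SSO"/>
          <bean parent="SAML2.SSO"/>
        </list>
      </property>
    </bean>
    <bean parent="RelyingPartyByName" c:relyingPartyIds="https://c.example.com/shibboleth">
      <property name="profileConfigurations"><list>
        <bean parent="Shibboleth.SSO"/>
        <bean parent="SAML2.SSO" p:postAuthenticationFlows="attribute-release"/>
      </list></property>
    </bean>
  </util:list>
</beans>"""

def consent_suppressed(xml_text):
    """Return {entityID: [profile beans that do not run attribute-release]}."""
    root = ET.fromstring(xml_text)
    report = {}
    overrides = root.find("util:list[@id='shibboleth.RelyingPartyOverrides']", NS)
    if overrides is None:
        return report  # no overrides container, nothing exempted here
    for rp in overrides.findall("b:bean", NS):
        raw = rp.get(C_IDS, "")
        # Either a SpEL list #{{'a', 'b'}} or a single plain entityID.
        ids = re.findall(r"'([^']+)'", raw) or raw.split()
        profiles = rp.findall("b:property[@name='profileConfigurations']/b:list/b:bean", NS)
        missing = [p.get("parent") for p in profiles
                   if "attribute-release" not in p.get(P_FLOWS, "")]
        for entity_id in (ids if missing else []):
            report[entity_id] = missing
    return report
```

Calling consent_suppressed(open(path).read()) on a deployed file gives the same mapping; an override that drops the flow for only one profile still appears, listing just that profile.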