Consent Attribute Release with conditional metadata attributes
Tom Zeller
tzeller at dragonacea.biz
Tue Apr 26 14:38:38 EDT 2016
>> Is there extra debugging I can turn on to help resolve this?
I don't think so, it looks like the EntityAttributesPredicate would
need code changes to add additional logging.
> Your problem, I think, is that you're using an alternate NameFormat for the Attribute to check for, and not specifying it in the configuration rule.
Yes, the relying party override needs the format, but also, the
namespace for the entity attribute defined in metadata needs to be
SAML 2, I believe.
Snippets follow :
<bean id="noAttributeConsentRequired"
parent="TagCandidate"
c:name="ConsentReleaseRequired"
c:format="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
p:values="NotRequired" />
<saml:Attribute
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Name="ConsentReleaseRequired">
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
<saml:AttributeValue>NotRequired</saml:AttributeValue>
</saml:Attribute>
More information about the users
mailing list