Consent Attribute Release with conditional metadata attributes

Lipscomb, Gary glipscomb at
Tue Apr 26 20:01:49 EDT 2016

Tom, Scott

The magic bit of logging appeared, and no prompt for consent release.

2016-04-27 09:57:55,370 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:305] - Checking if relying party configuration shibboleth.NoUserConsentRelyingPartybyTag is applicable

2016-04-27 09:57:55,372 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:307] - Relying party configuration shibboleth.NoUserConsentRelyingPartybyTag is applicable

Thanks for your help


> -----Original Message-----
> From: users [mailto:users-bounces at] On Behalf Of Tom Zeller
> Sent: Wednesday, 27 April 2016 4:39
> To: Shib Users <users at>
> Subject: Re: Consent Attribute Release with conditional metadata attributes
> >> Is there extra debugging I can turn on to help resolve this?
> I don't think so, it looks like the EntityAttributesPredicate would need code
> changes to add additional logging.
> > Your problem, I think, is that you're using an alternate NameFormat for the
> Attribute to check for, and not specifying it in the configuration rule.
> Yes, the relying party override needs the format, but also, the namespace for
> the entity attribute defined in metadata needs to be SAML 2, I believe.
> Snippets follow :
> <bean id="noAttributeConsentRequired"
>  parent="TagCandidate"
>  c:name="ConsentReleaseRequired"
>  c:format="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
>  p:values="NotRequired" />
> <saml:Attribute
>    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>    Name="ConsentReleaseRequired">
>    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
>    <saml:AttributeValue>NotRequired</saml:AttributeValue>
> </saml:Attribute>
> --
> To unsubscribe from this list send an email to users-
> unsubscribe at

Charles Sturt University


This email (and any attachment) is confidential and is intended for the use of the addressee(s) only. If you are not the intended recipient of this email, you must not copy, distribute, take any action in reliance on it or disclose it to anyone. Any confidentiality is not waived or lost by reason of mistaken delivery. Email should be checked for viruses and defects before opening. Charles Sturt University (CSU) does not accept liability for viruses or any consequence which arise as a result of this email transmission. Email communications with CSU may be subject to automated email filtering, which could result in the delay or deletion of a legitimate email before it is read at CSU. The views expressed in this email are not necessarily those of CSU.

Charles Sturt University in Australia
The Grange Chancellery, Panorama Avenue, Bathurst NSW Australia 2795
(ABN: 83 878 708 551; CRICOS Provider Numbers: 00005F (NSW), 01947G (VIC), 02960B (ACT)). TEQSA Provider Number: PV12018

Consider the environment before printing this email.

More information about the users mailing list