Multiple RelyingPartyByName Matches
Cantor, Scott
cantor.2 at osu.edu
Wed Jul 27 16:30:18 EDT 2016
On 7/27/16, 4:18 PM, "users on behalf of Klingenstein, Nate" <users-bounces at shibboleth.net on behalf of nklingenstein at calstate.edu> wrote:
> What's the "right" way to do this? Dynamically insert tags into the metadata and match
> on those, or...?
I don't know if there's a right or wrong way, but merging will (very likely) never happen, and it will always use the first one whose activation condition returns true. So whatever that means, it means. Mostly it means you can't do much better than specific RP rules, but you can do some factoring out of profile configuration beans and then reference them, to get some reuse.
Applying tags doesn't usually help with this, because the first matching tag would win.
In 3.3, however, you can plug in functions to return most settings instead of setting them in XML. That means you could have a single override covering a number of cases, but implement a second axis of behavior in scripts you plug in. That's the closest there is to a solution to cross-cutting overrides.
-- Scott
More information about the users
mailing list