IdPv3 attribute filter behaviour
Cantor, Scott
cantor.2 at osu.edu
Mon May 16 14:45:13 EDT 2016
On 5/16/16, 11:55 AM, "users on behalf of Yavor Yanakiev" <users-bounces at shibboleth.net on behalf of yavor at nyu.edu> wrote:
>A syntax error, RequesterRegex used with "value=" instead of "regex=", in the IdPv3 attribute-filter.xml causes the entire filter configuration to collapse and prevents any attribute release.
If it can't load the filter policy, then it has to do *something* by default. I don't think there's any other reasonable default, is there?
>I can't recall what was exact IdPv2 behavior, but my impression
> is, error like this wasn't affecting the entire filter configuration, just the mistaken filter.
That's not possible to support, if the error involves the file being schema-invalid. It either parses or it doesn't.
I don't think we ever exposed an option to turn off that validation, at least not for the filter or resolver. If we did/do, that would impact what errors were fatal or not.
-- Scott
More information about the users
mailing list