Activation condition for multiple SPs
Lalith Jayaweera
ljayaweera at gmail.com
Fri May 19 01:21:59 EDT 2017
Thanks Scott
Understand your concern regarding versions...
but as per below article, these should work from V3.2.0, but does not look
like
https://wiki.shibboleth.net/confluence/display/IDP30/ActivationConditions
This I tried on IdP 3.2.1 with the stated failure in saml-nameid.xml
However I tried below in saml-nameid.xml and it works
<bean parent="shibboleth.SAML2AttributeSourcedGenerator"
p:format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
p:attributeSourceIds="#{ {'uid'} }">
<property name="activationCondition">
<bean id="MyCondition"
parent="shibboleth.Conditions.RelyingPartyId">
<constructor-arg name="candidates">
<list>
<value>https:// <https://sp.example.com/shibboleth>tes
tone.com</value>
<value>https:// <https://another.example.com/shibboleth>tes
ttwo.com</value>
</list>
</constructor-arg>
</bean>
</property>
</bean>
Thanks
On Fri, May 19, 2017 at 11:16 AM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> > Also is it correct to state all these stated syntax (expression)
> available from
> > IdP V 3.2.0?
>
> 3.3.1 is the only supported release and I'm not going to provide support
> time for free to determine whether there are fixed bugs in any particular
> area.
>
> > Regarding the <constructor-arg>, did you mean to define something like
> > below and refer via p:activationCondition-ref
>
> Inline or by reference, but it's moot because it works regardless.
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20170519/c6242c0e/attachment.html>
More information about the users
mailing list