wish list: ability to define reusable blocks in SP configuration

Cantor, Scott cantor.2 at osu.edu
Mon Aug 6 08:57:41 EDT 2018

> We deploy SP on authenticating reverse proxies, meaning each SP manages a
> lot of different applications (approximately 40 currently), each in a different
> virtual host. What makes those applications different is the exact set of
> trusted IdPs:

That is not how it works. You don't limit trust by application, you control access with attributes. You should not limit the metadata to specific virtual hosts. So that's one problem that's easy to fix and is entirely self-inflicted. You do not need overrides for this.

> For each of those sets, we have to define a different list of metadata files, and
> a different discovery service URL.

That last one I may have overlooked. I can see if that's doable if it's not already possible to use a content-driven rule for setting the DS URL, but I would note that it's already possible with a little rewriting or scripting with Apache, just route all of them to a fixed DS and then do a further delineation from there.

> I'm ready to file a formal enhancement request on Jira for this feature if it
> can be considered feasible and useful.

It's not necessary to solve your problem and it would be years if ever before any more enhancements ever got done.

-- Scott
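
The attribute-based approach described in the reply above, as an added example that is not part of the original message or anyone's actual configuration: a shibboleth2.xml fragment in which every virtual host shares the SP's one set of metadata and each host carries its own access rule. Host names, scopes and the entitlement value are constructed, and the attribute ids assume the names used in the stock attribute-map.xml.

```xml
<!-- Added example: RequestMapper section of shibboleth2.xml.
     type="Native" is assumed (Apache or IIS front end). -->
<RequestMapper type="Native">
  <RequestMap>
    <!-- All hosts rely on the same MetadataProvider elements defined once
         under ApplicationDefaults; only the attribute rule differs. -->
    <Host name="app1.example.org" authType="shibboleth" requireSession="true">
      <AccessControl>
        <!-- Only staff of one organization, expressed as a scoped affiliation -->
        <Rule require="affiliation">staff@example.org</Rule>
      </AccessControl>
    </Host>
    <Host name="app2.example.org" authType="shibboleth" requireSession="true">
      <AccessControl>
        <!-- Members of either organization, or anyone holding the entitlement -->
        <OR>
          <Rule require="affiliation">member@example.org member@partner.example.net</Rule>
          <Rule require="entitlement">urn:example:app2:user</Rule>
        </OR>
      </AccessControl>
    </Host>
  </RequestMap>
</RequestMapper>
```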
