Cantor, Scott cantor.2 at osu.edu
Mon Aug 6 11:07:22 EDT 2018

> BTW, this organisational issue aside, how do you distinguish between
> different federations, with just attribute-based filtering? Some kind of
> SP-set 'is-member-of' attribute?

Federations don't exist in SAML, so there is no technical representation of that. IdP-wise, it's not recommended to do it, but you can always enforce rules by IdP, and since you can do that structurally via access control rules, you can do it with no impact on the applications as a transition tool.

> I fear that switching from SP-based routing to Apache-based routing would
> just be moving complexity from one part to another, with additional binding
> with different pieces of software moreover. I'd be more interested in a
> content-based rule on SP side, here, instead of hardwiring an application list
> on DS side.

And, you can. I checked, discoveryURL is a content setting. Already done.

-- Scott

