wish list: ability to define reusable blocks in SP configuration
Guillaume Rousse
guillaume.rousse at renater.fr
Tue Aug 14 11:59:12 EDT 2018
On 14/08/2018 at 17:31, Cantor, Scott wrote:
> On 8/14/18, 11:25 AM, "users on behalf of Guillaume Rousse" <users-bounces at shibboleth.net on behalf of guillaume.rousse at renater.fr> wrote:
>
>> I just tested, and it works, except for applications using lazy
>> sessions :(
>
> If you're using lazy sessions, then it's up to the application to do authz, no matter what the rule is.

Which would only be reasonable with a constant list of metadata sets. I
cannot ask every application admin to maintain a black list of
non-federated IdPs that would grow every time a new application with its
own specific IdP is to be added globally :(

So, if I can't block those additional IdPs at SP level using
authorization directives, I'm back to my original strategy: decide what
is the default set of metadata, and redefine it for every application
with different needs. That's ugly, but it works.

Regards.
--
Guillaume Rousse
Pôle SSI
Tel: +33 1 53 94 20 45
www.renater.fr