wish list: ability to define reusable blocs in SP configuration

Guillaume Rousse guillaume.rousse at renater.fr
Tue Aug 14 11:59:12 EDT 2018

Le 14/08/2018 à 17:31, Cantor, Scott a écrit :
> On 8/14/18, 11:25 AM, "users on behalf of Guillaume Rousse" <users-bounces at shibboleth.net on behalf of guillaume.rousse at renater.fr> wrote:
>> I just tested, and it works, excepted for applications using lazy
>> sessions :(
> If you're using lazy sessions, then it's up to the application to do authz, no matter what the rule is.
Which would only be reasonable with a constant list of metadata sets. I 
can not ask every application admin to maintain a black list of 
non-federated IdPs that would grow everytime a new application with its 
own specific IdP is to be added globally :(

So, if I can't block those additional IdP at SP level using 
authorization directives, I'm back to my original strategy: decide what 
is the default set of metadata, and redefine it for every application 
with different needs. That's ugly, but it works.

Guillaume Rousse
Pôle SSI

Tel: +33 1 53 94 20 45

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3637 bytes
Desc: Signature cryptographique S/MIME
URL: <http://shibboleth.net/pipermail/users/attachments/20180814/56a7dbb1/attachment.p7s>

More information about the users mailing list