IdP - EntityAttributes - Predicate - Regex filter for federation SPs

Tom Scavo trscavo at
Tue Jul 17 09:51:35 EDT 2018

On Mon, Jul 16, 2018 at 7:52 PM, Cantor, Scott <cantor.2 at> wrote:
>> Unfortunately the AttributeFilterScript feature is expected to be introduced
>> in V3.4. Maybe someone else knows how to do this without
>> AttributeFilterScript.
> The filter had no capability to remove existing tags until I added that as a safety net. If you control your metadata sources well enough, that's mostly a nicety, not that essential. If not, you probably have bigger problems. It really depends what you use them to do. If a tag turned on assertion signing or something like that, do I care really? Probably not.

This is off-topic with respect to Martin's issue, but what if a tag
disabled encryption or downgraded assertion signing to SHA-1? As you
know, there actually ARE entity attributes to control such things. [1]


[1] MetadataDrivenConfiguration

More information about the users mailing list