IdP - EntityAttributes - Predicate - Regex filter for federation SPs
Tom Scavo
trscavo at gmail.com
Tue Jul 17 09:51:35 EDT 2018
On Mon, Jul 16, 2018 at 7:52 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
>> Unfortunately the AttributeFilterScript feature is expected to be introduced
>> in V3.4. Maybe someone else knows how to do this without
>> AttributeFilterScript.
>
> The filter had no capability to remove existing tags until I added that as a safety net. If you control your metadata sources well enough, that's mostly a nicety, not that essential. If not, you probably have bigger problems. It really depends what you use them to do. If a tag turned on assertion signing or something like that, do I care really? Probably not.
This is off-topic with respect to Martin's issue, but what if a tag
disabled encryption or downgraded assertion signing to SHA-1? As you
know, there actually ARE entity attributes to control such things. [1]
Tom
[1] MetadataDrivenConfiguration https://wiki.shibboleth.net/confluence/x/VQC_AQ
More information about the users
mailing list