Adding an entity attribute to every entity from a provider

[Wessel, Keith]

Correct, or if I'm tagging things myself, I can just give everything from the InCommon MDQ a single entityAttribute since we do the same thing for InCommon and eduGAIN-imported SPs which is back to where I started.

Keith

-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Thursday, April 18, 2019 11:27 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Adding an entity attribute to every entity from a provider

On 4/18/19, 12:01 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

> If I use Scott’s approach in my attribute resolver of the absence of 
> elements to determine that the item came from our MDQ provider, I have to maintain entity group or similar attributes for my other providers.

It kinds of depends what the rules are. The only thing I do globally as a default is an attribute rule that's a superset of what I would do for others, so I don't have to explicitly identify anything except what has to get more than that. So I don't end up needing to tag InCommon/eduGAIN at all.

> Alternatively, if InCommon wants to add a new entity attribute to 
> every imported eduGAIN entity saying that it was imported from eduGAIN, I can leverage registered-by-incommon or imported-from-edugain as indicators.

You can tag that yourself if you want by just adding a filter rule to the InCommon source saying tag if not registered by InCommon, of course.

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net