postAuthenticationFlowsLookupStrategy - activationCondition - rpUIContext

Martin Lunze martin.lunze at
Tue Jul 2 02:23:02 EDT 2019

Hi Scott,

Am 20.06.19 um 14:27 schrieb Cantor, Scott:
> On 6/20/19, 4:02 AM, "users on behalf of Martin Lunze" <users-bounces at on behalf of martin.lunze at> wrote:
>> Where do you think is a good place in your documentation?
>> Please let me know what you think about this solution :-)
>> Did i some mistakes or maybe there is a shorter and simpler solution?
> You can just attach an activationCondition directly to the consent flow descriptor in profile-intercept.xml when the condition for the flow is essentially global.
At the moment this condition is global for our productive-idp, but our 
test-idp has some more restrictions and maybe they will later come true 
for our productive-idp and then the rule is not anymore global.
But maybe this can be changed a bit, so the rule still become globally 
true. I will see later.
> Touching relying-party.xml is a last resort these days for when nothing else fits. Every override added creates a problem later when something changes and the rules for the things that match the override split and turn into different rules, and the override count multiplies.

Thats why i have removed the overrides and using now only this one 
DefaultRelyingParty with such nice LookupStrategies :-)

> -- Scott
Martin Lunze

Technische Universität Dresden
Zentrum für Informationsdienste und Hochleistungsrechnen (ZIH)
Operative Prozesse und Systeme (OPS)
01062 Dresden

Tel.: +49 (351) 463-35881
E-Mail: martin.lunze at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5742 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the users mailing list