postAuthenticationFlowsLookupStrategy - activationCondition - rpUIContext

[Martin Lunze]

Hi Scott,

Am 20.06.19 um 14:27 schrieb Cantor, Scott:
> On 6/20/19, 4:02 AM, "users on behalf of Martin Lunze" <users-bounces at shibboleth.net on behalf of martin.lunze at tu-dresden.de> wrote:
>
>> Where do you think is a good place in your documentation?
> https://wiki.shibboleth.net/confluence/display/KB/How-to+articles
>
>> Please let me know what you think about this solution :-)
>> Did i some mistakes or maybe there is a shorter and simpler solution?
> You can just attach an activationCondition directly to the consent flow descriptor in profile-intercept.xml when the condition for the flow is essentially global.
At the moment this condition is global for our productive-idp, but our 
test-idp has some more restrictions and maybe they will later come true 
for our productive-idp and then the rule is not anymore global.
But maybe this can be changed a bit, so the rule still become globally 
true. I will see later.
> Touching relying-party.xml is a last resort these days for when nothing else fits. Every override added creates a problem later when something changes and the rules for the things that match the override split and turn into different rules, and the override count multiplies.

Thats why i have removed the overrides and using now only this one 
DefaultRelyingParty with such nice LookupStrategies :-)

> -- Scott
>
>
-- 
Martin Lunze
IT-Systemadministrator

Technische Universität Dresden
Zentrum für Informationsdienste und Hochleistungsrechnen (ZIH)
Operative Prozesse und Systeme (OPS)
01062 Dresden

Tel.: +49 (351) 463-35881
E-Mail: martin.lunze at tu-dresden.de


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5742 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://shibboleth.net/pipermail/users/attachments/20190702/dd440b26/attachment.p7s>