metadata-driven attribute definition

Ian Young ian at iay.org.uk
Sun Jul 14 14:41:22 EDT 2019


> On 14 Jul 2019, at 17:52, Joshua Dachman <jdachman at gmail.com> wrote:
> 
> This is a situation where the IDP has control over the SP metadata so the "mess" will be kept internal.

If the IdP is the driver here, it would seem like the more obvious and less indirect approach would be to put the mapping rules you require into the IdP's configuration and cut out the middle-man. It would probably be simplest to express in terms of per-entity attribute release rules, though.

Is there something about your use case that you haven't mentioned which means that approach can't be used?

    -- Ian



