Mutual confirmation of attributes of two SP
Cantor, Scott
cantor.2 at osu.edu
Wed Apr 8 19:37:41 EDT 2020
On 4/8/20, 7:05 PM, "users on behalf of Marcus Schopen" <users-bounces at shibboleth.net on behalf of lists at localguru.de> wrote:
> Is it possible to configure the IDP for the two SPs in such a way that the release of the attributes applies reciprocally
> to both SPs?
By building and deploying a custom function to produce the "key" that is used to associate and store the consent decision such that part of the key derived for both SPs is common and not derived from the entityID of them individually. It isn't documented at this point and I'm not sure it's actually overrideable in a supported way, though it should be.
Yes in theory, no in practice, and doing that for every combination of SPs that happen to "fit together" would be potentially a lot of constant work.
Practically, either approve the release globally or live with per-SP consent. You should only have to approve it once per SP generally anyway.
-- Scott
More information about the users
mailing list