Splitting the relying-party.xml
Wessel, Keith
kwessel at illinois.edu
Tue Aug 25 17:54:16 UTC 2020
Thanks, Scott. That's reasonable enough advice.
I'll work on converting my RelyingPartyByName configs to RelyingPartyByTag.
Keith
-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Tuesday, August 25, 2020 12:21 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Splitting the relying-party.xml
On 8/25/20, 1:13 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> 1. Is this split going to work, or does that overrides bean need to
> be in the file where the unverified and default RP configurations are defined?
It's not that simple, it's a list and the list has to be defined in total or you would have to learn how to do list merging with Spring to separate out part of the list in a separate bean (and order is still a part of the processing model so the merging would have to be well-defined).
Simply put: I would largely stop using overrides. Use metadata and tags to do most of what you're doing in them, and if you really want to apply separate rules outside of the metadata, use metadata filters. You can define filters in separate files now as well, which means there could be a prod vs. dev filter file too.
-- Scott
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list