Script the value of the discovery url for SAML auth flow? (discovery-config.xml)
Cantor, Scott
cantor.2 at osu.edu
Wed Jul 29 17:45:49 UTC 2020
On 7/29/20, 12:49 PM, "users on behalf of Jeremy A Scott" <users-bounces at shibboleth.net on behalf of jeremy.scott at wisc.edu> wrote:
> Is there a better way for me to change the discovery URL for SAML authn based on the relying party?
Use shibboleth.ContextFunctions.Scripted
(note the plural)
> (Something in relying-party.xml or, even better, metadata?)
You can certainly use metadata, but you have to be able to dig into the API and get used to accessing entity attributes. The conditions are all predefined to know how to access those, but using them in functions requires actually digging them out.
However, you can repurpose the Java code defined for deriving properties in relying-party.xml and use them for this purpose by hacking them a bit to access property names using a different URL prefix than the ones we use for those lookups in our namespace.
I would have to go dig out the example I came up with for somebody else if you wanted to do it, but the classes that do all of that are wired up inside relying-party-mddriven.xml in the system tree. There's an aliases property where it takes in "alternate" URL prefixes for the tag names to go search for.
The MDDriven lookup function classes are all API, so using them in other places is "safe".
-- Scott