ValueConfiguration differs from IdP v3.x to v4.x?

Marco Malavolti marco.malavolti at garr.it
Sat May 16 16:44:53 UTC 2020


Thank you all guys! :)

I'm glad to receive your support, really! Thanks!

This is the problem that I want to solve:

I have 2 different attribute filters:
1) One to release all required attributes to resources belonging to my
identity Federation and satisfied with:

    <PolicyRequirementRule xsi:type="RegistrationAuthority" registrars="http://www.idem.garr.it/"/>

        <AttributeRule attributeID="eduPersonEntitlement">
            <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
        </AttributeRule>

2) One to release only the specific value of "eduPersonEntitlement" to a
specific resource (Elsevier) with:

      <PolicyRequirementRule xsi:type="Requester" value="https://sdauth.sciencedirect.com/" />

      <AttributeRule attributeID="eduPersonEntitlement">
         <PermitValueRule xsi:type="Value" value="urn:mace:dir:entitlement:common-lib-terms" />
      </AttributeRule>


Both are valid rules and the first one causes the releasing of all
attributes of eduPersonEntitlement.

Are there other valid solutions than changing the attribute filter 1) into:

        <AttributeRule attributeID="eduPersonEntitlement">
            <PermitValueRule xsi:type="AND">
               <Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
               <Rule xsi:type="NOT">
                   <Rule xsi:type="Requester" value="https://sdauth.sciencedirect.com/" />
               </Rule>
            </PermitValueRule>
        </AttributeRule>

?

This solution works well.

Thank you so much!


Best Regards,

-- 
Marco Malavolti
Consortium GARR - Servizio IDEM GARR AAI
Via dei Tizii, 6 - I-00185 (ROMA)
CF: 97284570583 - PI:07577141000
Mobile: +39 331 608 3639
Skype: marco.mala
PGP KEY: https://keys.openpgp.org/search?q=marco.malavolti@garr.it

On 16/05/20 16:14, Rod Widdowson wrote:
>> I haven't seen  any differences in something that elemental. 
> To amplify this - the core code is pretty much identical in the two releases.  That doesn't mean that there *isn't* a difference
> but I would have expected our copies tests to have found it so I'd concur with Scott:
>
>> My guess is your config isn't what you think it is, but all I could suggest is
>> filing the bug and waiting for the resolution. 
> Rod
>
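
Added example (not part of the thread and not Shibboleth code): a simplified Python model of why the two filters in the message above combine to release every eduPersonEntitlement value to Elsevier, and why the AND/NOT rewrite does not. It assumes permit rules from all matching policies are unioned, that Elsevier is registered by IDEM and marks the attribute as required, and it reduces AttributeInMetadata to "attribute is required in metadata"; the second entitlement value and the other SP are constructed.

```python
# Simplified model of attribute-filter evaluation (illustrative, not Shibboleth code).
# Assumption: the released set is the union of what every matching policy permits.
ELSEVIER = "https://sdauth.sciencedirect.com/"
IDEM = "http://www.idem.garr.it/"
ATTR = "eduPersonEntitlement"
COMMON_LIB = "urn:mace:dir:entitlement:common-lib-terms"

# PolicyRequirementRule stand-ins: decide whether a policy is active for a request.
def registration_authority(registrar):
    return lambda ctx: ctx["registrar"] == registrar

def requester(entity_id):
    return lambda ctx: ctx["requester"] == entity_id

# PermitValueRule stand-ins: decide per value.
def in_metadata_required(attr):
    # Reduced form of AttributeInMetadata onlyIfRequired="true" (assumption).
    return lambda ctx, value: attr in ctx["required_attrs"]

def value_is(expected):
    return lambda ctx, value: value == expected

def not_requester(entity_id):
    return lambda ctx, value: ctx["requester"] != entity_id

def all_of(*rules):
    return lambda ctx, value: all(rule(ctx, value) for rule in rules)

def release(policies, ctx, attr, values):
    permitted = set()
    for requirement, rules in policies:
        if requirement(ctx) and attr in rules:
            permitted |= {v for v in values if rules[attr](ctx, v)}
    return permitted

federation = (registration_authority(IDEM), {ATTR: in_metadata_required(ATTR)})
elsevier = (requester(ELSEVIER), {ATTR: value_is(COMMON_LIB)})
federation_fixed = (registration_authority(IDEM),
                    {ATTR: all_of(in_metadata_required(ATTR), not_requester(ELSEVIER))})

# Constructed sample data: one real value from the thread, one made-up value.
VALUES = [COMMON_LIB, "urn:example:entitlement:constructed-other"]
CTX_ELSEVIER = {"requester": ELSEVIER, "registrar": IDEM, "required_attrs": {ATTR}}
CTX_OTHER_SP = {"requester": "https://sp.example.org/shibboleth",
                "registrar": IDEM, "required_attrs": {ATTR}}

def original(ctx):
    return release([federation, elsevier], ctx, ATTR, VALUES)

def fixed(ctx):
    return release([federation_fixed, elsevier], ctx, ATTR, VALUES)
```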


