Multiple values in email attribute
IAM David Bantz
dabantz at alaska.edu
Tue May 26 18:33:30 UTC 2020
(1) what Scott wrote
(2) bang head on table
(3) gin up a single valued attribute and encode and release as "mail" to
the many SPs that break when encountering multi-values of multi-valued
attribute. You can do something really crude like pick the "first" value
of the mail attribute, or your institution or email admins may have a
canonical email address assigned for all users that you can retrieve from
your attribute store.
(4) bang head on table
On Tue, May 26, 2020 at 9:44 AM Cantor, Scott <cantor.2 at osu.edu> wrote:
> Are you the IdP or the SP?
>
> As an IdP you can do many different things, up to and including per-value
> consent (but which a user will probably not understand your intent/purpose
> since they don't *care* about your email problem caused by Amazon's bug).
>
> As an SP, you cannot use a standard attribute like "mail" that is defined
> to be multiply-valued, and expect every IdP in the world to be willing to
> impose your preferred limitation on the syntax, even though most actual
> practice around it is for a single value.
>
> -- Scott
>
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200526/b0dbb840/attachment.htm>
More information about the users
mailing list