turning on ignoreUnmappedEntityAttributes
Wessel, Keith
kwessel at illinois.edu
Wed Aug 11 16:49:45 UTC 2021
Hey, all,
Per the advice in the wiki [1], I'd like to turn on idp.service.relyingparty.ignoreUnmappedEntityAttributes to improve performance. It's clear that any metadata-driven tags that specifically control profile configuration settings need to include:
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
In both local XML and in entity attribute metadata filter blocks. My question is what about other tags? I, for instance, have a number of tags in my local urn:mace:incommon:uiuc.edu namespace. All of them also have values prefixed with urn:mace:incommon:uiuc.edu, though I don't think that's relevant. Question is if I don't add a NameFormat attribute to those tags, will they still work after enabling ignoreUnmappedEntityAttributes? I don't fully understand what a "mapped" entity attribute is and, therefore, the significance of adding a NameFormat attribute.
Thanks,
Keith
[1] https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631679/MetadataDrivenConfiguration
More information about the users
mailing list