Using metadata-driven overrides and relying party config
Cantor, Scott
cantor.2 at osu.edu
Thu Jan 14 21:47:50 UTC 2021
On 1/14/21, 4:43 PM, "users on behalf of Michael Grady" <users-bounces at shibboleth.net on behalf of mgrady at unicon.net> wrote:
> Ah, yes. Once one adds it to the DefaultRelying party, one can think of it "turned on" for evreything. Personally, I think
> it would be good to have such an on/off switch, and not be required at the level it is, but a good reminder that it is.
It would have been simple to globally wire it up as a default, but the problem is that opening up to metadata like this is a big, big deal if you don't take care and protect against external metadata tag injection, so that wasn't really an option.
-- Scott
More information about the users
mailing list