LocalDynamic + MetadataFilters = possible bug?

Michael Grady mgrady at unicon.net
Thu Jan 14 23:26:10 UTC 2021



> On Jan 14, 2021, at 5:11 PM, Brent Putman <putmanb at georgetown.edu> wrote:
> 
> Yes, I would think so as well.  Although, it isn't clear from the config example whether the entity attributes are applied on all entities.  The example seems obfuscated with an "always true" predicate and dummy entity attribute value.  So maybe it is always happening on the metadata that the predicate matches, if the latter is selective.  Hopefully Steve can tell us.

I can't speak for Steve, but having a filter on LocalDynamic that uses the "always true" predicate would not be that unusual. We are working with someone who has the exact use case, wanting to "tag" all entries that come our of a particular LocalDynamic directory. Just like one would do for the InCommon MDQ, in place of the old approach of using inEntityGroup when using the aggregate.

That's exactly what the LocalDynamic is replacing for this client, a local aggregate they maintained with lots of partner SP metadata.

So far, that "apply filter to all :LocalDynamic" is working ok, but the switch was just made, so time will tell.

--
Michael A. Grady
IAM Architect, Unicon, Inc.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210114/3543b75c/attachment.htm>


More information about the users mailing list