Force a fixe value for a Mapped AttributeDefinition (DocuSign AccountID)
cantor.2 at osu.edu
Thu Jan 28 20:08:31 UTC 2021
On 1/28/21, 3:01 PM, "users on behalf of Jehan PROCACCIA" <users-bounces at shibboleth.net on behalf of jehan.procaccia at tem-tsp.eu> wrote:
> I want to send our AccountID (provided by docusign) in order that automatically at 1rst login our users be created with
> the correct permissions.
That may be the difference, our system is pre-provisioned I believe.
> I create a wiki page reagarding that DS integration with shibboleth IDP 4 , because I encountered many customisation
> no encryption, specific nameID (persistent + mail based), mapping attributes, metadata exchange ... :
They certainly support encryption, but they do require persistent NameIDs, I am aware of that. They do update email addresses based on that. It's all a bit under the covers but it matches what I had to do.
> anyway, I'll be glad to have your opnion on my DS integration with IDP 4 , maybe I customized too many things that
> were not mandatory ?
Only the encryption thing stands out.
I'm simply saying that when a vendor asks me to send them a fixed value for everybody, the obvious response is "why on earth can't you apply the same value at your end?". If the value is not in fact "fixed" but a signal to use a particular role and it just *happens* to be set the same for everyone, that's quite different. It's only fixed as a matter of policy choice, not design.
More information about the users