Restricting Attribute Resolution to only one relying party
McLennan, Neil R
n.mclennan at imperial.ac.uk
Fri Sep 3 11:24:48 UTC 2021
Hi,
How do you prevent an attribute being resolved except for one relying party? Reading https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631969/AttributeDefinitionCommonAttributes I had assumed that the following attribute would only resolve for relying party https://t4hosting.imperial.ac.uk/shibboleth; however, it resolves every time, no matter what the Service Provider. Obviously, resolving a user's nested groups is an expensive operation best avoided unless necessary.

    <AttributeDefinition xsi:type="Simple" id="memberOfAll" relyingParties="https://t4hosting.imperial.ac.uk/shibboleth">
        <InputDataConnector ref="ldap-groups" attributeNames="distinguishedName"/>
    </AttributeDefinition>

I apologise if similar questions have been answered before.
Neil McLennan