Restricting Attribute Resolution to only one relaying party

McLennan, Neil R n.mclennan at imperial.ac.uk
Fri Sep 3 13:21:05 UTC 2021 

You are quite correct, so in fact to stop the  ldap-groups data connector from running the   relyingParties="https://t4hosting.imperial.ac.uk/shibboleth" element need to be on the DataConnector not the attribute 


8-202020-registered-students}, StringAttributeValue{value=AD_REGISTRY_MedicineTeam_Read}, StringAttributeValue{value=mate97014-202010-staff}, StringAttributeValue{value=a-dep-ict-registrat-m}, StringAttributeValue{value=ic-bs-ug1-1718-dl}, StringAttributeValue{value=mate97048-202020-registered-students}, StringAttributeValue{value=Office 365 Faculty Project Online Essentials Eligible}, StringAttributeValue{value=shop-mindview-7}, StringAttributeValue{value=shop-visual-studio-2010}, StringAttributeValue{value=CC_SHOP}, StringAttributeValue{value=ic-returning-ug-dl}, StringAttributeValue{value=sp-ethos-allmembers-dl}, StringAttributeValue{value=mate97009-202010-registered-students}, StringAttributeValue{value=mobile-payslip-users}, StringAttributeValue{value=mate97050-202010-registered-students}]'
2021-09-03 13:45:01,499 - 146.179.32.222 - DEBUG [net.shibboleth.idp.attribute.resolver.impl.AttributeResolverImpl:419] - Attribute Resolver 'ShibbolethAttributeResolver': Data connector 'ldap-groups' resolved the following attributes: [distinguishedName, entryDN, sAMAccountName]
2021-09-03 13:45:01,514 - 146.179.32.222 - DEBUG [net.shibboleth.idp.attribute.resolver.impl.AttributeResolverImpl:450] - Attribute Resolver 'ShibbolethAttributeResolver': Finished resolving dependencies for 'memberOfAll'
2021-09-03 13:45:01,514 - 146.179.32.222 - DEBUG [net.shibboleth.idp.attribute.resolver.AbstractResolverPlugin:246] - Resolver plugin 'memberOfAll': activation criteria not met, nothing to do
2021-09-03 13:45:01,514 - 146.179.32.222 - DEBUG [net.shibboleth.idp.attribute.resolver.impl.AttributeResolverImpl:334] - Attribute Resolver 'ShibbolethAttributeResolver': Attribute definition 'memberOfAll' produced no attribute

-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: 03 September 2021 12:57
To: Shib Users <users at shibboleth.net>
Subject: Re: Restricting Attribute Resolution to only one relaying party

That does exactly that, so you are not in fact using that configuration even if you think you are.

-- Scott


-- 
For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list