AW: disable assertion encryption by entityID
Bergmann, Clemens
clemens.bergmann at tu-darmstadt.de
Wed Sep 8 11:13:33 UTC 2021
Hi Peter,
thanks for the fast reply.
I know that I could do it with a new RelyingPartyByName bean but my DefaultRelyingParty has a rather long list of profileConfigurations.
I just want to change that one aspect of the configuration for this SP.
My understanding of that config file is, that I would have to copy that whole profileConfigurations and keep it in sync between the DefaultRelyingParty and the RelyingPartyByName.
I tried to prevent this by not passing a static value to encryptAssertions but using a predicate.
Viele Grüße
Clemens (Bergmann)
--
Clemens Bergmann
Gruppe Nutzermanagement und Entwicklung
Technische Universität Darmstadt
Hochschulrechenzentrum, Alexanderstraße 2, 64289 Darmstadt
Tel. +49 6151 16 71184
http://www.hrz.tu-darmstadt.de/
> -----Ursprüngliche Nachricht-----
> Von: users <users-bounces at shibboleth.net> Im Auftrag von Peter Schober
> Gesendet: Mittwoch, 8. September 2021 11:55
> An: users at shibboleth.net
> Betreff: Re: disable assertion encryption by entityID
>
> * Bergmann, Clemens <clemens.bergmann at tu-darmstadt.de> [2021-09-08
> 11:22]:
> > I want to disable encryption of assertions for one of our test SPs.
>
> FWIW, the IDP contains a complete example of this at the end of
> dist/conf/relying-party.xml:
>
> <util:list id="shibboleth.RelyingPartyOverrides">
> <bean id="ExampleSP" parent="RelyingPartyByName"
> c:relyingPartyIds="https://sp.example.org">
> <property name="profileConfigurations">
> <list>
> <bean parent="SAML2.SSO" p:encryptAssertions="false" />
> </list>
> </property>
> </bean>
> </util:list>
>
> HTH,
> -peter
> --
> For Consortium Member technical support, see
> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to users-
> unsubscribe at shibboleth.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6377 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20210908/21b461cc/attachment.p7s>
More information about the users
mailing list