Shortcut for releasing attributes requested in metadata
Cantor, Scott
cantor.2 at osu.edu
Tue Jan 25 12:48:51 UTC 2022
On 1/24/22, 10:09 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> Is there any shortcut for that? Or is that the only way to do it? I can't think of a way to simply tell the IdP to
> release any attribute requested in metadata for a given metadata source.
The policy language designed in Shibboleth V2+ doesn't allow for that, there has to be an AttributeRule in the policy and they have to identify the Attribute involved.
> And, for that matter, is there any reason I shouldn't take this route that anyone can think of before I manage
> to shoot myself in the foot?
We went with EntityAttribute tags in our examples so that the GUI project would have a consistent approach to follow but there's ultimately not much difference in how it looks or works, both are essentially the same idea. Yes, you should use metadata, however you do it. A new filter policy should only be needed for unusual cases like value filtering or when adding new attributes.
-- Scott
More information about the users
mailing list