OIDC dynamic registration policy ID

Wessel, Keith kwessel at illinois.edu
Thu Jul 21 14:10:49 UTC 2022


Alright, thanks for all the info. I'll give it a spin and create issues/feature requests as needed.

Keith


-----Original Message-----
From: Cantor, Scott <cantor.2 at osu.edu> 
Sent: Thursday, July 21, 2022 8:24 AM
To: Shib Users <users at shibboleth.net>
Cc: Wessel, Keith <kwessel at illinois.edu>
Subject: Re: OIDC dynamic registration policy ID

On 7/20/22, 11:40 PM, "users on behalf of Wessel, Keith via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:

>    Okay, I'm intrigued. How would I embed the policy in the token? I know,
> when I issue a token, that I have to either reference a policy ID or a policy
> location. Are you referring to referencing a policy location instead of a
> policy ID?

My recollection was that if the policy is done by location that it ends up embedded, not referenced. The code seems to bear it out though I'm just skimming it.

> My plan at this point is to have a default policy for most registrations,
> presumably web-based clients.

That's kind of my assumption, which is why I'm not sure (yet) that the override issue is a big problem, since most other setings can be addressed without more overrides.

-- Scott




More information about the users mailing list