group in CAS service definition of CASServiceRegistry
YF Lai
ccyflai at ust.hk
Mon Jun 6 02:21:14 UTC 2022
It seems checkAffiliations in InEntityGroup policy rule was the matter. The rule will failure whatever checkAffiliations was set to true or false. It works if this attribute is not present.
-YF
From: users <users-bounces at shibboleth.net> On Behalf Of Michael Grady
Sent: Friday, 3 June 2022 9:44 pm
To: Shib Users <users at shibboleth.net>
Subject: Re: group in CAS service definition of CASServiceRegistry
On Jun 3, 2022, at 7:26 AM, Cantor, Scott via users <users at shibboleth.net<mailto:users at shibboleth.net>> wrote:
It seems the group in CAS service definition of CASServiceRegistry cannot be used in InEntityGroup type of
policy rule in AttributeFilterConfiguration. I can’t group related CAS services definition in this way to have the
same attribute release policy. Is it not implemented or a bug?
And what causes you to think the above? We've used the
<PolicyRequirementRule xsi:type="InEntityGroup" groupID="CAS_groupname_from_registry" />
quite a bit in the attribute-filter file, and if it has stopped working, there sure haven't been any reports of such.
--
Michael A. Grady
IAM Architect, Unicon, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220606/1ee7a386/attachment.htm>
More information about the users
mailing list