Restricting access to a Service Provider on the IdP side

Cantor, Scott cantor.2 at
Tue Nov 15 14:35:49 UTC 2022

>    we need to restrict access to an SP on IdP-Side. I found a thread from
>   5 years ago[1]. So far so good, but what it does not explain is how to
>    wire the bean into the relying-party.xml.

Probably because that isn't how it works I guess.

There is nothing to "wire into relying-party.xml" unless you're trying to do something fancy with metadata to control the settings and not just switching over to metadata-driven settings for everything.

The best way to do this is to define generic attribute(s) in the resolver that signal whether to allow access, and use a SimpleAttributePredicate in the interceptor function to detect what to do. That makes all the logic reloadable.

-- Scott

More information about the users mailing list