Attribute filter policy conditional on existence of attribute?
Peter Schober
peter.schober at univie.ac.at
Fri Nov 18 08:55:51 UTC 2022
* Baron Fujimoto via users <users at shibboleth.net> [2022-11-18 02:42]:
> I'd like to define an AttributeFilterPolicy that conditionally releases one
> of two attributes depending on whether one of the two exists or not. In
> pseudocode, essentially:
>
> If ( defined attrFoo ) {
> permit attrFoo
> }
> else {
> permit attrBar
> }
You positively need to prevent that both attributes are released in
case both have values (if that what you mean with "exists")?
If so, is there a good reason for that? ;)
If not you'd simply release both attributes and the IDP would take
care of not sending any that don't have any values, which seems to
come close to your requirement, maybe sufficiently close.
Also note that scripting can also be used in the filter, AFAIR, though
it's more often used in the resolver.
-peter
More information about the users
mailing list