nameID mutiple activationCondition per SP based on different src Attribute
Cantor, Scott
cantor.2 at osu.edu
Tue Sep 20 21:27:13 UTC 2022
> I've been "noodling on" what I hope to become an "article" on the use of
> NameIDs in the IdP, it seems to be the/one of the most misunderstood
> things to configure in the Shib IdP. But some core principles that I personally
> think one should follow:
I would generally agree with all of that, allowing that in practice most simple filter policies are more or less the same as chaining a few positively-oriented activation conditions together.
It's the "NOT" rules that get people screwed up in both cases.
-- Scott
More information about the users
mailing list