nameID multiple activationCondition per SP based on different src Attribute

Cantor, Scott cantor.2 at osu.edu
Tue Sep 20 21:34:23 UTC 2022


>    as I replied to Scott in this thread, I guess I'll have to debug this outside
> production, because it doesn't seem to be that easy

It is routine once you understand Format selection, but most people are convinced that somehow the activation conditions have something to do with that, when in fact they have nothing to do with it.

You *start* with the Format as a given, and that's established entirely outside that file you're touching. Until you understand the Format that it wants to use, you can't evaluate what the chain of generators is really doing for that SP.

Once the Format is known, the only generators you have to look at are the ones with that Format, since the rest don't apply.

And then it's almost always an error in attribute resolution or filtering, which is also easy to check separately.

>    I cannot stop/start the service during working hours and it's time
> consuming to wait late evenings to do so.

None of that requires restarts, only service reloads, but obviously you don't do it in prod anyway. All deployers should have a staging system running identically that can be used to test anything they need to test, and when it comes to this sort of thing, it doesn't even need the keys, merely the config to be able to run aacli.

-- Scott
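
The triage order described in the message above, sketched as a simplified model. This is an added example, not Shibboleth code or anything from the original post: the Generator class, the trace function, the entityIDs and the attribute names are constructed, and it assumes each generator reads one source attribute and that the first generator to produce a value wins.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Generator:
    """Simplified stand-in for one NameID generator entry (hypothetical)."""
    name: str
    fmt: str
    source_attr: str
    active: Callable[[str], bool]  # activation condition, given the SP entityID

def trace(fmt: str, sp: str, generators: list, released: dict):
    """Walk the chain for an already-decided Format; return (value, trace)."""
    log = []
    for g in generators:
        if g.fmt != fmt:
            # Different Format: never consulted, whatever its condition says.
            log.append(f"{g.name}: skipped (format)")
            continue
        if not g.active(sp):
            log.append(f"{g.name}: skipped (condition)")
            continue
        # 'released' models the attributes left after resolution and filtering.
        value = released.get(g.source_attr)
        if not value:
            log.append(f"{g.name}: no value for {g.source_attr}")
            continue
        log.append(f"{g.name}: used")
        return value, log
    return None, log

# Constructed sample data.
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
SP_A = "https://sp-a.example.org/shibboleth"
SP_B = "https://sp-b.example.org/shibboleth"
GENERATORS = [
    Generator("persistent-default", PERSISTENT, "uid", lambda sp: True),
    Generator("email-from-mail", EMAIL, "mail", lambda sp: sp == SP_A),
    Generator("email-from-altMail", EMAIL, "altMail", lambda sp: sp == SP_B),
]

if __name__ == "__main__":
    # SP_B with the emailAddress Format: altMail was never released to it.
    value, log = trace(EMAIL, SP_B, GENERATORS, {"mail": "a@example.org"})
    print(value, *log, sep="\n")
```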



