AttributeChecker and IdP EntityID

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

AttributeChecker and IdP EntityID

Mark Boyce

All,

 

I’m faced with a circumstance that requires me to create different rules for a number of IdP; i.e. if IdP is A then the attribute rules are this, if IdP is B then the rules are this..  the logic is a bit convoluted, but my sticking point is extracting the IdP Entity ID for use in the ruleset… as in

<OR>

<AND>

<Rule require entityID>my idp entityID goes here</Rule>

<Rule require attribute>my attribute value goes here</Rule>

</AND>

<AND>

… more of above …

 

</OR>

 

Any thoughts (beyond “why?”) would be appreciated.

 

Thanks,

 

m.

 

 

 

Mark L. Boyce

Senior Identity Management Analyst

University of California, Office of the President

415 20th Street

Oakland, CA 94612

Office: 510.987.9681

Cell: 209.851.0196

 


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: AttributeChecker and IdP EntityID

Cantor, Scott E.
Pull the issuer into a dedicated attribute so its usable in a rule.

https://wiki.shibboleth.net/confluence/display/SP3/AssertionAttributeExtractor

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: AttributeChecker and IdP EntityID

Mark Boyce
And that earns me a big "Duh!"...  thanks Scott...

m.

Mark L. Boyce
Senior Identity Management Analyst
University of California, Office of the President

-----Original Message-----
From: users <[hidden email]> On Behalf Of Cantor, Scott
Sent: Wednesday, November 20, 2019 4:44 PM
To: Shib Users <[hidden email]>
Subject: Re: AttributeChecker and IdP EntityID

Pull the issuer into a dedicated attribute so its usable in a rule.

https://wiki.shibboleth.net/confluence/display/SP3/AssertionAttributeExtractor

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]