Information to be Provided to Service - message

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Information to be Provided to Service - message

Lohr, Donald
We have a sandbox IdP we use for SP config/development purposes and have
configured that IdP to support an on-prem SP and right after a
successful auth, the following message displays in the browser:


You are about to access the service:
demo.jmu.edu

Information to be Provided to Service
cn     smithxx


The information above would be shared with the service if you proceed.
Do you agree to release this information to the service every time you
access it?
Select an information release consent duration:

Ask me again at next login

     I agree to send my information this time.

Ask me again if information to be provided to this service changes

     I agree that the same information will be sent automatically to
this service in the future.

Do not ask me again

     I agree that all of my information will be released to any service.

This setting can be revoked at any time with the checkbox on the login page.


How do we prevent this?

Thanks,

--
D o n a l d   L o h r
  I n f o r m a t i o n   S y s t e m s
  J a m e s   M a d i s o n   U n i v e r s i t y
  5 4 0 . 5 6 8 . 3 7 3 0

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Information to be Provided to Service - message

Ray Bon
Donald,

This is attribute release consent page. It is set in relying-party.xml, https://wiki.shibboleth.net/confluence/display/IDP30/RelyingPartyConfiguration

You can remove this bean:

<bean parent="Shibboleth.SSO"
p:postAuthenticationFlows="attribute-release"/>

Or add an entry to override it:

<bean parent="RelyingPartyByName" c:relyingPartyIds="#{{'yourSPID'}}">
<property name="profileConfigurations">
<list>
<bean parent="SAML2.SSO"

p:postAuthenticationFlows="#{ {} }"/>
</list>
</property>
</bean>

Ray

On Fri, 2020-01-17 at 14:48 -0500, Lohr, Donald wrote:
We have a sandbox IdP we use for SP config/development purposes and have 
configured that IdP to support an on-prem SP and right after a 
successful auth, the following message displays in the browser:


You are about to access the service:
demo.jmu.edu

Information to be Provided to Service
cn     smithxx


The information above would be shared with the service if you proceed. 
Do you agree to release this information to the service every time you 
access it?
Select an information release consent duration:

Ask me again at next login

     I agree to send my information this time.

Ask me again if information to be provided to this service changes

     I agree that the same information will be sent automatically to 
this service in the future.

Do not ask me again

     I agree that all of my information will be released to any service.

This setting can be revoked at any time with the checkbox on the login page.


How do we prevent this?

Thanks,

-- 
D o n a l d   L o h r
  I n f o r m a t i o n   S y s t e m s
  J a m e s   M a d i s o n   U n i v e r s i t y
  5 4 0 . 5 6 8 . 3 7 3 0

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [hidden email]

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Information to be Provided to Service - message

Tom Zeller-3
In reply to this post by Lohr, Donald
> How do we prevent this?

Here is a link to documentation on how to disable consent to attribute release :

https://wiki.shibboleth.net/confluence/display/IDP30/ConsentConfiguration#ConsentConfiguration-DisablingAttributeReleaseConsent

Tom
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Information to be Provided to Service - message

Lohr, Donald
In reply to this post by Ray Bon
The consent was only showing for that one SP.  I have a SP specific bean but had a typeO in the url value for relyingPartyIds for my SP.

Thanks so much.

On 1/17/20 3:13 PM, Ray Bon wrote:
Donald,

This is attribute release consent page. It is set in relying-party.xml, https://wiki.shibboleth.net/confluence/display/IDP30/RelyingPartyConfiguration

You can remove this bean:
    <bean parent="Shibboleth.SSO"
          p:postAuthenticationFlows="attribute-release"/>

Or add an entry to override it:
<bean parent="RelyingPartyByName" c:relyingPartyIds="#{{'yourSPID'}}">
    <property name="profileConfigurations">
        <list>
            <bean parent="SAML2.SSO"

                  p:postAuthenticationFlows="#{ {} }"/>
        </list>
    </property>
</bean>

Ray

On Fri, 2020-01-17 at 14:48 -0500, Lohr, Donald wrote:
We have a sandbox IdP we use for SP config/development purposes and have 
configured that IdP to support an on-prem SP and right after a 
successful auth, the following message displays in the browser:

        

        
You are about to access the service:
demo.jmu.edu

        
Information to be Provided to Service
cn     smithxx

        

        
The information above would be shared with the service if you proceed. 
Do you agree to release this information to the service every time you 
access it?
Select an information release consent duration:

        
Ask me again at next login

        
     I agree to send my information this time.

        
Ask me again if information to be provided to this service changes

        
     I agree that the same information will be sent automatically to 
this service in the future.

        
Do not ask me again

        
     I agree that all of my information will be released to any service.

        
This setting can be revoked at any time with the checkbox on the login page.

        

        
How do we prevent this?

        
Thanks,

        
-- 
D o n a l d   L o h r
  I n f o r m a t i o n   S y s t e m s
  J a m e s   M a d i s o n   U n i v e r s i t y
  5 4 0 . 5 6 8 . 3 7 3 0

      
-- 
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [hidden email]

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.


-- 
D o n a l d   L o h r
 I n f o r m a t i o n   S y s t e m s
 J a m e s   M a d i s o n   U n i v e r s i t y
 5 4 0 . 5 6 8 . 3 7 3 0


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]