...
Info | ||
---|---|---|
| ||
Shibboleth IdP v2.3.4 was released on October 27, 2011. For IdPs prior to v2.3.4, InCommon provides a tool that filters InCommon metadata into an explicit |
Release a Fixed Subset of the R&S Bundle
To release a fixed subset of the R&S bundle (or the R&S bundle itself), configure a new <AttributeFilterPolicy>
element that refers to the R&S entity attribute. The following example releases a subset of the R&S bundle to all R&S SPs:
...
To release some other subset of the R&S bundle, simply customize the above example as desired.
Release a Dynamic Subset of the R&S Bundle
To release a dynamic subset of the R&S bundle to each R&S SP on an SP-by-SP basis, configure a new <AttributeFilterPolicy>
element that refers to the R&S entity attribute but limits attribute release to the <md:RequestedAttribute>
elements in SP metadata. This leads to the following two-step configuration process:
...
These two configuration steps taken together constrain the release of attributes to precisely those attributes requested by R&S SPs (assuming those attributes constitute a subset of the R&S bundle).
Install and Configure the Plugin
The uApprove addon to the Shibboleth IdP includes a plugin that limits attribute release to the <md:RequestedAttribute>
elements in SP metadata.
...
The plugin adds a new PermitValueRule
of type ua:AttributeInMetadata
.
Configure a New AttributeFilterPolicy
The following IdP configuration implicitly releases attributes to any R&S SP. An attribute is released if and only if it is listed in SP metadata.
...