...

The Shibboleth IdP software supports the first option out-of-the-box. The second option requires a special plugin at the Shibboleth IdP.

In either case, an IdP leverages entity attributes (instead of entity IDs) to support R&S. Thus the configuration steps documented here require Shibboleth IdP v2.3.4 or later, which fully supports using entity attributes in SP metadata as part of an attribute release filter policy. (No other IdP software is known to support entity attributes at this time.)

Info: Shib IdP v2.3.4

Shibboleth IdP v2.3.4 was released on October 27, 2011. For IdPs prior to v2.3.4, InCommon provides an XSLT tool that filters InCommon metadata into an explicit <AttributeFilterPolicy> element for R&S SPs.

...

To release a fixed subset of the R&S bundle (or the complete R&S bundle itself), configure a new <AttributeFilterPolicy> element that refers to the R&S entity attribute. The following example releases a subset of the R&S bundle to all R&S SPs:

...

To release some other subset of the R&S bundle, simply customize the above example to match your policy.

Release a Dynamic Subset of the R&S Bundle

To release a dynamic subset of the R&S bundle to each R&S SP on an SP-by-SP basis, configure a new <AttributeFilterPolicy> element that refers to the R&S entity attribute but limits attribute release to the <md:RequestedAttribute> elements in SP metadata. This leads to the following two-step configuration process:

...