Skip to Content.
Sympa Menu

shibboleth-dev - Re: Constrained delegation with additional attributes

Subject: Shibboleth Developers

List archive

Re: Constrained delegation with additional attributes


Chronological Thread 
  • From: Tom Scavo <>
  • To:
  • Cc: Scott Cantor <>,
  • Subject: Re: Constrained delegation with additional attributes
  • Date: Tue, 22 Nov 2005 10:55:43 -0500
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=pG4bWJMTat4iMIKFQ0ScJa+dLoUazOJzdIBgz/ZkLb3o9ND4Vz1UgknRHj+RpmstvYdIyY5qjm4eERuJnAlh0DzAsfpGzQsrWb/WCt3Fv/PeARW3Og4clY7nywEoxbruNr0bYGnwoevkgqaJDP17tjnuNpKlnVRDOmbTppMkuPQ=

On 11/22/05, Alistair Young
<>
wrote:
>
> What I'm not sure about is whether a SAML Subject, issued by an IdP is SP
> specific, i.e. would the AA release attributes to the VFS based on a SAML
> Subject it originally issued to the VLE?

To answer your question directly, no, a name identifier is not
SP-specific. It could be, I suppose, but AFAIK there is no
implementation of NameIdentifierMapping that takes into account the
requesting SP.

Tom



Archive powered by MHonArc 2.6.16.

Top of Page