Shibboleth Developers

[Will Norris <>]

On Apr 25, 2006, at 3:46 PM, Walter Hoehn wrote:

> Great!  I think a little more is required, though.  Note that you  
> need these dependencies even if the attribute requirements are  
> specified by the SP.  In this case, listPossibleReleaseAttributes()  
> isn't called, if I'm remembering correctly.

okay, so this was a little trickier.  I reversed the changes I made  
to listPossibleReleaseAttributes() and added a new function...

/**
 * given an attribute request and a set of attributes that are  
planned to be
 * resolved (either those specified in the request or the result of
 * listPossibleReleaseAttributes()), determine what attributes may  
need to
 * be resolved in order to properly evaluate any applicable  
constraints.
 */
public URI[] listRequiredConstraintAttributes(Principal principal,  
String requester, URL resource, URI[] attributeNames)

This is then called from IdPProtocolSupport and the resulting  
attributes are added to the set that gets sent off to the resolver.   
I dug around a bit and this seemed like the best place to put it, but  
I'd like to hear other's thoughts.  I've also added a couple of new  
blackbox tests to test this both with and without attribute designators.

I just sent the new code to Brendan, so it should be online whenever  
he has a chance to upload it to his webspace tomorrow morning.  It  
will be labeled "arp-constraint-03"
[http://isd.usc.edu/~bbellina/gds/software/shibboleth/]

-will

Attachment: smime.p7s
Description: S/MIME cryptographic signature