Shibboleth Developers

[Nate Klingenstein <>]

David,

Shibboleth 2.0 gives you much more control over this, since it  
includes separate configuration for default providers (authenticated  
successfully, but without specific configuration), and anonymous  
providers (unauthenticated).  You can choose to never even respond to  
unauthenticated providers.

For an IdP that's version 1.3.1+, I believe -- I can't remember  
exactly which version added this -- you can set  
allowAnonymousProviders="false" on the  main <IdPConfig> element, and  
it will never send any response at all.

Thanks,
Nate.

On 9 Apr 2008, at 15:09, 

 wrote:

> I installed one IDP V 1.3 and two SP V1.3.
> Actually , all SP created can connect to my IDP, even if in my  
> metadata.xml there isn't any informations about SP.
> In my IDP 's log I'm able to read "issued to anonymous provider at  
> (ipadress)".
> How can I prevent my IDP from unauthorized SP access.
>
> Thanks for your help.
> David.