Shibboleth Developers

[Petra Berg <>]

>> using shibboleth IdP 2.1.5 with uApprove 2.1.3 plug-in has a disadvantage:
>> If an user don't want to release all attributes, he is constrained to
>> abort the authentication process.
>> But in some cases no attributes are needed, only the authentication
>>     
> itself.
>
> I'm not sure how uApprove recognizes the NameID itself as an attribute, but
> lacking some kind of non-transient ID, that doesn't make much sense to me.
> Authentication without some attribute is meaningless.
>
> But if there's a distinction to be made between one set of attributes or
> possibly "no attributes but a NameID of some kind", that's the sort of thing
> the multiple service level idea was intended to capture.
>
> -- Scott
>   
My first Idea was, to make the user able to choose attributes for
transmission in uApprove. Without any Attributes should be an exception.
To use some kind of NameID is a new aspect.
In this context is the RequstedAttribute tag in
AttributeConsumingService working? I tried it but without success. I
didn't saw the requested Attribute list in the IdP. (Should make sense
to mark the Attributes in uApprove.)

Regards,
Petra Berg

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature