Shibboleth Developers

["RL 'Bob' Morgan" <>]

>       -1 for abusing LoginHandler to do something that's less about
>       the user
>       login and more about the service the user is trying to access.
>
> In our case, RL Bob's case, the SP is not inclined to adapt to our 
> needs.  It is unconscionable that we would simply tell our users that 
> this issue conforms neither to our dogma nor that of an intransigent 
> provider. We needed a working solution.

I think Andrew's suggestion was not to push the work onto the SP, but to 
have some componentry in the IdP that implements policy regarding services 
(as CAS has apparently) beyond just attribute release.

 - RL "Bob"