shibboleth-dev - [Shib-Dev] ECP delegation: <PolicyRule type="Delegation" .../> question
Subject: Shibboleth Developers
List archive
- From: Valery Tschopp <>
- To:
- Subject: [Shib-Dev] ECP delegation: <PolicyRule type="Delegation" .../> question
- Date: Wed, 13 Oct 2010 17:16:22 +0200
- Organization: SWITCH
Hi guys,
I have a question about the SP <PolicyRule type="Delegation" .../> configuration. Reading https://spaces.internet2.edu/display/SHIB2/NativeSPPolicyRule#NativeSPPolicyRule-DelegationRule%28Version2.2andAbove%29 it is not clear to me how to configure a WSP which accept delegated assertion from 2 different WSC portals. In particular the "match" attribute is not clear...
Does the rule here below mean "accept portal1 or portal2 as delegate" or does it build a delegation chain: "portal1 -> portal2 -> wsp" ?
Cheers,
Valery
<PolicyRule type="Delegation" match="oldest"
xmlns:del="urn:oasis:names:tc:SAML:2.0:conditions:delegation">
<del:Delegate>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://portal1.example.org/shibboleth</saml:NameID>
</del:Delegate>
<del:Delegate>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://portal2.example.org/shibboleth</saml:NameID>
</del:Delegate>
</PolicyRule>
--
SWITCH
Serving Swiss Universities
--------------------------
Valery Tschopp, Software Engineer, Middleware
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
email:
phone: +41 44 268 1544
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- [Shib-Dev] ECP delegation: <PolicyRule type="Delegation" .../> question, Valery Tschopp, 10/13/2010
- RE: [Shib-Dev] ECP delegation: <PolicyRule type="Delegation" .../> question, Scott Cantor, 10/13/2010
Archive powered by MHonArc 2.6.16.