
shibboleth-dev - Re: [Shib-Dev] Shib WG Topics

Subject: Shibboleth Developers

  • From: Tom Scavo <>
  • To:
  • Cc: Peter Schober <>
  • Subject: Re: [Shib-Dev] Shib WG Topics
  • Date: Thu, 7 Apr 2011 08:22:06 -0400

On Thu, Apr 7, 2011 at 7:57 AM, Peter Schober wrote:
>
> Well, if an SP requires ePTId OR ePPN to work (a rather common
> scenario) there is currently no way to express that in the existing
> metadata schema.
> I thought that the proposed way to handle this was to list both and set
> isRequired="false" and document/communicate the either/or OOB.

Another (better?) approach is to define *two*
<md:AttributeConsumingService> elements in SP metadata, and then let
the SP try them in turn. If the first one fails (because the IdP can
not or will not supply a required attribute), then the SP simply tries
again.

Tom
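
The two-service layout described in the message above, as an added example that is not part of the original post or of Shibboleth's code: a constructed SP metadata fragment with one `<md:AttributeConsumingService>` per acceptable identifier, and a small simulation of the SP trying them in turn. The index values, service names, try-in-index-order policy and the helper names `consuming_services` and `first_satisfiable` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"    # eduPersonPrincipalName

# Constructed SP metadata fragment (endpoints and keys omitted): one
# AttributeConsumingService per acceptable identifier, each marking its
# own attribute isRequired="true".
SP_METADATA = f"""
<md:SPSSODescriptor xmlns:md="{MD}"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AttributeConsumingService index="1" isDefault="true">
    <md:ServiceName xml:lang="en">Example SP, identified by ePTId</md:ServiceName>
    <md:RequestedAttribute Name="{EPTID}" NameFormat="{URI}" isRequired="true"/>
  </md:AttributeConsumingService>
  <md:AttributeConsumingService index="2">
    <md:ServiceName xml:lang="en">Example SP, identified by ePPN</md:ServiceName>
    <md:RequestedAttribute Name="{EPPN}" NameFormat="{URI}" isRequired="true"/>
  </md:AttributeConsumingService>
</md:SPSSODescriptor>
"""


def consuming_services(metadata_xml):
    """Return [(index, set of required attribute names)], ordered by index."""
    root = ET.fromstring(metadata_xml)
    services = []
    for svc in root.iter(f"{{{MD}}}AttributeConsumingService"):
        required = {
            ra.get("Name")
            for ra in svc.iter(f"{{{MD}}}RequestedAttribute")
            if ra.get("isRequired", "false") in ("true", "1")
        }
        services.append((int(svc.get("index")), required))
    return sorted(services, key=lambda s: s[0])


def first_satisfiable(services, released):
    """Try each service in turn; return the first index whose required
    attributes the IdP releases, or None if every attempt would fail."""
    for index, required in services:
        if required <= released:
            return index  # the SP would send this AttributeConsumingServiceIndex
    return None


if __name__ == "__main__":
    services = consuming_services(SP_METADATA)
    for released in ({EPTID}, {EPPN}, set()):
        print(sorted(released), "->", first_satisfiable(services, released))
```

On the wire, each attempt corresponds to a fresh `<samlp:AuthnRequest>` carrying the chosen `AttributeConsumingServiceIndex`.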


