>>> On 22/04/2010 at 08:39, in message
<[log in to unmask]>, Michael
White <[log in to unmask]> wrote:
> Oh, thanks Andy,
>
>
> If this is working for you, then there is something going on that I'm
> missing (wouldn't be the first time!) - have I misunderstood this bug? Are
> there circumstances in which aacli will successfully resolve attributes for
> an Entity that is part of an "AttributeRequesterInEntityGroup"?
Ahh - that's probably why it worked for me. I started playing with this before I saw any documentation that mentioned "AttributeRequesterInEntityGroup" (it still doesn't seem to be very clearly documented ) but I do see it now in http://www.ukfederation.org.uk/content/Documents/Setup2IdP:
<PolicyRequirementRule xsi:type="saml:AttributeRequesterInEntityGroup"
groupID="http://ukfederation.org.uk" />
For my default attribute release of ePTID(old and new) ePSA and epA I just have:
<AttributeFilterPolicy id="releaseToAnyone">
<PolicyRequirementRule xsi:type="basic:ANY" />
As documented at https://spaces.internet2.edu/display/SHIB2/IdPAddAttributeFilter why would I want to do otherwise?
Andy
************************************************************
Please consider the environment. Do you really need to print this email?
The University of Dundee is a registered Scottish charity, No: SC015096
|