> If I understand correctly, from the bug report Rod pointed out, this
shouldn't
> work unless you have a specific Attribute Filter Policy for the SP you are
> testing - i.e. if you have a specific policy for
> "https://sh2testsp1.iay.org.uk/shibboleth" in this case, rather than
relying
> on this SP as being identified as an Entity from the UK Fed metadata - is
that
> the case?
I *think* it's the other way around (It was too long ago that I got bitten
like this). If you have Attribute filter which works by specifying the
entities descriptor then aacli won't work.
Of course, You don't have to have such a filter - if the only metadata you
look at is from the UK federation and you haven't specified an anonymous
relying party then you know that you the SP is in the UK fed. OTOH it
doesn't hurt and does future proof you.
|