On 3/31/14, 4:14 AM, "Kristof Bajnok" wrote:
>two, slightly orthogonal questions regarding SAML processing capabilities:
>
>1) Is it possible to do SAML2 Attribute Query (aka SimpleAggregation
>AttributeResolver) at the SP side of Moonshot?
Certainly outside the Moonshot architecture it is, the SP code there is
just the SP, it will run whatever resolver(s) you configure. But of course
that uses the SAML trust management code.
>2) Is it possible to make authorisation decisions based on SAML
>attributes, such as "require affiliation foo && require entitlement bar"?
I can't speak for the application side, but it's not possible in the SP
right now I don't think. I had proposed that if the mech_eap code wanted
to do so, it could conceivably manufacture URIs to pass into the access
control API in the SP to do so.
-- Scott