This repository has been archived by the owner on Feb 14, 2020. It is now read-only.
No SP to production when "No ARP" option is still checked #524
Comments
|
This will be a problem of services (like the Dashboard of SURFconext or the Profile service) to obtain all attributes served by the IdP.. Those services does not use an attribute manipulation script... (which however might be only containing comments)... |
|
Good point. At least a big warning. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
In the SURFconext Instance of Janus we use the test and production modes to an SP. One of the options in Janus on the SP is to set the ARP. Default mode for attribute release is "No ARP" set. When no ARP is set (the option 'No ARP' is checked) all attributes will released to specific SP (no attribute filtering). Although in test mode this can be viable route, in production mode this is undesirable and most likely a human error.
Two request: a) default an empty ARP, so no attributes a released instead of all.
b) Block or warn when a config is saved, mode is production and ARP is not set.
One consideration: when an attribute manipulation is used, the No ARP option is required, because filtering will be done by the manual attribute manipulation.
The text was updated successfully, but these errors were encountered: