Closed oharsta closed 8 years ago
If a SP is a trusted proxy and send the RequesterID in the scoping section of the AuthNRequest then EB must scope the returned attributes according the ARP (if any) of the RequesterID.
See:
https://github.com/OpenConext/OpenConext-engine-test-stand/blob/master/src/OpenConext/Bundle/FunctionalTestingBundle/Features/SpProxy.feature#L166
https://github.com/OpenConext/OpenConext-engineblock/blob/master/library/EngineBlock/Corto/Filter/Command/AttributeReleasePolicy.php#L22
Fixed with https://github.com/OpenConext/OpenConext-engineblock/commit/a7ccf7da5308f05928b62ac9335e87dfe03e958e
relaxnow
commented
8 years ago
If a SP is a trusted proxy and send the RequesterID in the scoping section of the AuthNRequest then EB must scope the returned attributes according the ARP (if any) of the RequesterID.
See:
https://github.com/OpenConext/OpenConext-engine-test-stand/blob/master/src/OpenConext/Bundle/FunctionalTestingBundle/Features/SpProxy.feature#L166
https://github.com/OpenConext/OpenConext-engineblock/blob/master/library/EngineBlock/Corto/Filter/Command/AttributeReleasePolicy.php#L22