No SP to production when "No ARP" option is still checked

[maartenk]

In the SURFconext Instance of Janus we use the test and production modes to an SP. One of the options in Janus on the SP is to set the ARP. Default mode for attribute release is "No ARP" set. When no ARP is set (the option 'No ARP' is checked) all attributes will released to specific SP (no attribute filtering). Although in test mode this can be viable route, in production mode this is undesirable and most likely a human error.

Two request: a) default an empty ARP, so no attributes a released instead of all. b) Block or warn when a config is saved, mode is production and ARP is not set.

One consideration: when an attribute manipulation is used, the No ARP option is required, because filtering will be done by the manual attribute manipulation.

[HennyBekker]

This will be a problem of services (like the Dashboard of SURFconext or the Profile service) to obtain all attributes served by the IdP.. Those services does not use an attribute manipulation script... (which however might be only containing comments)...

[maartenk]

Good point. At least a big warning.