Conditionalize NameID encryption on format

Description

I'm not sure how feasible it is but it would be nice to control NameID encryption based on the Format used, i.e. don't encrypt by default for transients.

This is primarily useful for logout since that's the only common case where it happens. I'm mainly sensitive to the fact that enabling logout propagation is probably 95% Shibboleth SPs, which are 95% transient NameIDs.

Environment

None

Activity

Scott Cantor June 16, 2021 at 7:14 PM

There was already a hook for this to do it globally, which seems sufficient, so I wired it up to a bean named shibboleth.PlaintextNameIDFormats and documented it.

Done

Details

Created May 24, 2021 at 6:47 PM
Updated June 16, 2021 at 7:15 PM
Resolved June 16, 2021 at 7:14 PM