New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove coin:schacHomeOrganization feature #1296

Open

thijskh opened this issue May 3, 2024 · 0 comments

Labels

proposed-removal

Member

thijskh commented May 3, 2024

There's a feature in Engineblock that you can set the field coin:schachomeorganization for an IdP A, say to example.gov. This does two things:

It sets the value of the released schacHomeOrganization of this IdP statically to example.gov on outgoing assertions, regardless of the input attribute value.
It makes this value reserved, i.e. other IdPs cannot deliver this schacHomeOrganization anymore, it's checked that incoming SchacHomeOrganization of an IdP B is not listed in coin:schachomeorganization for any other IdP. You can enable this check in attributes.json.

Point 2 is broken en when enabled generates an Exception.

Proposed to remove since it's unused, at least partly broken and introduces quite a bit of complexity in the login processing.

thijskh added the proposed-removal label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment