[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    Re: multi-tenant SP
From:       "Cantor, Scott via users" <users () shibboleth ! net>
Date:       2023-03-23 19:24:22
Message-ID: 639F079C-8455-4973-B90C-00D1C5EE29FC () osu ! edu
[Download RAW message or body]

> Are you saying using ShibRequestSetting entityID does that (discards a
> shibboleth session with a non-matching entityID, and only then uses the
> specified entityID)?

No, it does not, nor does what you were doing. Discovery != authorization, no matter how you do it.

I'm saying application code can do authorization in addition to, or in lieu of, Apache require rules.

-- Scott


-- 
For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net
[prev in list] [next in list] [prev in thread] [next in thread]