Page tree
Skip to end of metadata
Go to start of metadata

By default Shibboleth enables attribute consent, when the Service Provider wants to access an attribute you well be shown this page:

You don't always want to show that, for example you don't want them to see this when you are accessing the IAM of your company. But you do want them so see this when a third party (not you) is requesting those attributes. It gives better insight to what the third party can access.


Disabling for a specific Service Provider

Inside `<util:list id="shibboleth.RelyingPartyOverrides">` do the following.

conf/relying-party.xml
        <bean id="ServiceProviderID" parent="RelyingPartyByName" c:relyingPartyIds="ServiceProviderID">
            <property name="profileConfigurations">
                <list>
					<!-- This will disable consent for both SAML1 & SAML2 -->
                    <bean parent="Shibboleth.SSO" /> <!-- SAML1 -->
                    <bean parent="SAML2.SSO" /> <!-- SAML2 -->
                </list>
            </property>
        </bean>

Disabling for all Service Providers

conf/relying-party.xml
<bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty">
    <property name="profileConfigurations">
        <list>
			<!-- ... --->
			<!-- This will disable consent for both SAML1 & SAML2 -->
            <bean parent="Shibboleth.SSO" /> <!-- SAML1 -->
            <bean parent="SAML2.SSO" /> <!-- SAML2 -->
			<!-- ... --->
		</list>
    </property>
</bean>


  • No labels