Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

By default Shibboleth enables attribute consent, when the Service Provider wants to access an attribute you well be shown this page:

You don't always want to show that, for example you don't want them to see this when you are accessing the IAM of your company. But you do want them so see this when a third party (not you) is requesting those attributes. It gives better insight to what the third party can access.


Disabling for a specific Service Provider

Inside `<util:list id="shibboleth.RelyingPartyOverrides">` do the following.

Code Block
languagexml
titleconf/relying-party.xml
        <bean id="ServiceProviderID" parent="RelyingPartyByName" c:relyingPartyIds="ServiceProviderID">
            <property name="profileConfigurations">
                <list>
					<!-- This will disable consent for both SAML1 & SAML2 -->
                    <bean parent="Shibboleth.SSO" /> <!-- SAML1 -->
                    <bean parent="SAML2.SSO" /> <!-- SAML2 -->
                </list>
            </property>
        </bean>


Disabling for all Service Providers

Code Block
languagexml
titleconf/relying-party.xml
<bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty">
        <property name="profileConfigurations">
   
        <list>
				<!-- ... --->
				<!-- This will disable consent for both SAML1 & SAML2 -->
   
            <bean parent="Shibboleth.SSO" /> <!-- SAML1 -->
  
             <bean parent="SAML2.SSO" /> <!-- SAML2 -->
				<!-- ... --->
			</list>
   
    </property>
   
</bean>