Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
en:functionaltest_sp [2017/06/15 21:36] – Wolfgang Pempe | en:functionaltest_sp [2017/06/19 09:06] – Wolfgang Pempe | ||
---|---|---|---|
Line 13: | Line 13: | ||
| test-me | | test-me | ||
| test-ma | | test-ma | ||
- | The primary purpose of these accounts is to test authorisation with typical content providers - **in that case the user ' | + | The primary purpose of these accounts is to test authorisation with typical content providers - **in this case the user ' |
- | In case that further test users are required, providing more **specific | + | If more and/or other attributes |
==== Attribute-based Authorization ==== | ==== Attribute-based Authorization ==== | ||
**Important: | **Important: | ||
- | In the overwhelming majority of cases, a service (respectively a Service Provider) is supposed to be available only for a subset of the users at a Home Organization. For this reason, a successful authentication at the home IdP is usually not sufficient for granting access to a protected resource! Rather, the authorization decision must be made by means of the user attributes released by the IdP. Which attributes (and attribute) values are appropriate for this purpose, depends on the type and implementation of the respective | + | In the overwhelming majority of cases, a service (respectively a Service Provider) is supposed to be available only for a subset of the users at a Home Organization. For this reason, a successful authentication at the home IdP is usually not sufficient for granting access to a protected resource! Rather, the authorization decision must be made by means of the user attributes released by the IdP. Which attributes (and attribute values) are appropriate for this purpose, depends on the type and implementation of the service |
+ | |||
+ | **Next step:** [[en: |