Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Restrictive mode was developed as a means of dealing with the occasional federated resource that, due to loopholes in some federations' rules, decided that the onus was on the Identity Provider (IdP) to only respond for users that should have access - what the SP was meant to do was make that decision themselves based on the attributes they were passed.

That's what it restrictive mode was built for but it has other applications: