This repository has been archived by the owner on Jul 11, 2018. It is now read-only.
IdP access requests
By default, the OpenConext WAYF only shows IdPs that are allowed to access the SP according to the ACL. However, in the ServiceRegistry you can configure a SP to show all the IdPs in the WAYF, not only the ones that are allowed access. This feature is disabled by default.
To enable this you must add the metadata property coin:display_unconnected_idps_wayf and check it to true.
When the end user clicks an IdP that has no access, he can request access for it. A form will be shown that the end user needs to fill out and submit. By default, this form is then sent via email to [email protected]; this should be overridden in /etc/surfconext/engineblock.ini.
; The default email where IdP request access are send
email.help = "[email protected]"