From f24efb1f671cd8beb4f907b4813738510b88e88a Mon Sep 17 00:00:00 2001
From: Christopher Hubing
Date: Tue, 8 Aug 2023 10:57:14 -0400
Subject: [PATCH] quicksite and datazone change they require an email attribute, which requires the policy to allow the IDP to do a "sts:SetSourceIdentity"
---
shibpolicy.json | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/shibpolicy.json b/shibpolicy.json
index bf9162b..9c98eb1 100644
--- a/shibpolicy.json
+++ b/shibpolicy.json
@@ -3,7 +3,8 @@
 "Statement": [
 {
 "Effect": "Allow",
- "Action": "sts:AssumeRoleWithSAML",
+ "Action": [ "sts:AssumeRoleWithSAML",
+ "sts:SetSourceIdentity" ]
 "Principal": {
 "Federated": "arn:aws:iam::135656781587:saml-provider/SATOSA"
 },
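Review bot: The second added line drops the comma that the removed line carried, so `"sts:SetSourceIdentity" ]` runs straight into `"Principal": {` and the policy document is no longer valid JSON; it should read `"sts:SetSourceIdentity" ],`. Since this trust policy now lets the federated principal set a source identity, consider pairing the new action with a `Condition` on the `sts:SourceIdentity` key (for example restricting it to the expected email pattern) so only the identity values the IdP is meant to assert are accepted; whether such a condition already exists cannot be seen here, as the statement continues outside the hunk. The commit message explains the motivation well, but a short comment-equivalent in the repository README noting why SetSourceIdentity is granted would help future reviewers, as JSON itself cannot carry the note.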