From ddf04a368344f2495ab9c1aee61d62b8dd49cb15 Mon Sep 17 00:00:00 2001
From: Pieter van der Meulen <pieter.vandermeulen@surf.nl>
Date: Tue, 10 Dec 2024 10:18:20 +0100
Subject: [PATCH] Add activation flow sellection using entitlement attribute
 for selfservice 5.0.5

---
 roles/stepupselfservice/templates/parameters.yml.j2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/roles/stepupselfservice/templates/parameters.yml.j2 b/roles/stepupselfservice/templates/parameters.yml.j2
index cb2f25759..54c6e1bb3 100644
--- a/roles/stepupselfservice/templates/parameters.yml.j2
+++ b/roles/stepupselfservice/templates/parameters.yml.j2
@@ -89,6 +89,11 @@ parameters:
     preferred_activation_flow_name: activate
     preferred_activation_flow_options: [ra, self]
 
+    activation_flow_attribute_name: urn:mace:dir:attribute-def:eduPersonEntitlement
+    activation_flow_attributes:
+        ra:   urn:mace:surf.nl:surfsecureid:activation:ra
+        self: urn:mace:surf.nl:surfsecureid:activation:self
+
     # Self-asserted tokens: enable/disable recovery methods
     #
     # One of the two options should be enabled to have a fully functioning