Comment 5 for bug 1724645

The fact that we can modify both tthe Federation protocol object *AND* the Apache config means that we do not need to be able to also tweak things inside the configuration file, and right now, that config is making it impossible to the the federation protocol right. So, yes, we need to drop the config option from the file and move it to the federation protocol, and no, that will not negatively impact our ability to make things work based on the Apache config.

The Apache Config will, for the most part, determine whether to let a parameter through from the assertion or not. In some cases, it will perform minor modifications of a parameter, but it will be something like whether to remove the REALM from a Kerberos principal. Having the configuration value in file will not do anything that having it in the protocol object (or mapping, to be honest) would not do any way.