Shibboleth IDP4 Notes: Difference between revisions

From NIEF Wiki
Jump to navigation Jump to search
Line 40: Line 40:
!Attribute Name
!Attribute Name
!URL
!URL
|-
!colspan="3"|NIEF Mandatory
|-
|-
|niefEmail
|niefEmail
Line 76: Line 78:
|Unique Subject Id
|Unique Subject Id
|https://nief.org/attribute-registry/attributes/user/nief/UniqueSubjectId/1.0
|https://nief.org/attribute-registry/attributes/user/nief/UniqueSubjectId/1.0
|-
!colspan="3"|NIEF Highly Recommended
|-
|-
|nief28CFR
|nief28CFR
Line 88: Line 92:
|Employer ORI
|Employer ORI
|https://nief.org/attribute-registry/attributes/user/gfipm/EmployerORI/2.0
|https://nief.org/attribute-registry/attributes/user/gfipm/EmployerORI/2.0
|-
|niefEmployerOrganizationGeneralCategoryCode
|Employer Organization General Category Code
|https://nief.org/attribute-registry/attributes/user/gfipm/EmployerOrganizationGeneralCategoryCode/2.0
|-
|niefEmployerStateCode
|Employer State Code
|https://nief.org/attribute-registry/attributes/user/gfipm/EmployerStateCode/2.0
|-
|niefIdentityProofingAssuranceLevelCode
|Identity Proofing Assurance Level Code
|https://nief.org/attribute-registry/attributes/user/gfipm/IdentityProofingAssuranceLevelCode/2.0
|-
|niefPSO
|Public Safety Officer Indicator
|https://nief.org/attribute-registry/attributes/user/gfipm/PublicSafetyOfficerIndicator/2.0
|-
|niefSLEO
|Sworn Law Enforcement Officer Indicator
|https://nief.org/attribute-registry/attributes/user/gfipm/SwornLawEnforcementOfficerIndicator/2.0
|-
|niefAAL
|Authenticator Assurance Level
|https://nief.org/attribute-registry/attributes/user/nief/AuthenticatorAssuranceLevel/1.0
|-
|niefFAL
|Federation Assurance Level
|https://nief.org/attribute-registry/attributes/user/nief/FederationAssuranceLevel/1.0
|-
|niefIAL
|Identity Assurance Level
|https://nief.org/attribute-registry/attributes/user/nief/IdentityAssuranceLevel/1.0
|-
!colspan="3"|NIEF Recommended
|-
|niefIntelligenceAnalystIndicator
|Intelligence Analyst Indicator
|https://nief.org/attribute-registry/attributes/user/nief/IntelligenceAnalystIndicator/1.0
|-
|niefCounterTerrorismDataSelfSearchHomePrivilegeIndicator
|Counter Terrorism Data Self Search Home Privilege Indicator
|https://nief.org/attribute-registry/attributes/user/gfipm/CounterTerrorismDataSelfSearchHomePrivilegeIndicator/2.0
|-
|niefCriminalHistoryDataSelfSearchHomePrivilegeIndicator
|Criminal History Data Self Search Home Privilege Indicator
|https://nief.org/attribute-registry/attributes/user/gfipm/CriminalHistoryDataSelfSearchHomePrivilegeIndicator/2.0
|-
|niefCriminalIntelligenceDataSelfSearchHomePrivilegeIndicator
|Criminal Intelligence Data Self Search Home Privilege Indicator
|https://nief.org/attribute-registry/attributes/user/gfipm/CriminalIntelligenceDataSelfSearchHomePrivilegeIndicator/2.0
|-
|niefCriminalInvestigativeDataSelfSearchHomePrivilegeIndicator
|Criminal Investigative Data Self Search Home Privilege Indicator
|https://nief.org/attribute-registry/attributes/user/gfipm/CriminalInvestigativeDataSelfSearchHomePrivilegeIndicator/2.0
|-
|niefDisplayName
|Display Name
|https://nief.org/attribute-registry/attributes/user/gfipm/DisplayName/2.0
|-
|niefGovernmentDataSelfSearchHomePrivilegeIndicator
|Government Data Self Search Home Privilege Indicator
|https://nief.org/attribute-registry/attributes/user/gfipm/GovernmentDataSelfSearchHomePrivilegeIndicator/2.0
|-
|niefLocalId
|Local Id
|https://nief.org/attribute-registry/attributes/user/gfipm/LocalId/2.0
|-
|niefNCICCertificationIndicator
|NCIC Certification Indicator
|https://nief.org/attribute-registry/attributes/user/gfipm/NCICCertificationIndicator/2.0
|-
|niefNDExPrivilegeIndicator
|NDEx Privilege Indicator
|https://nief.org/attribute-registry/attributes/user/gfipm/NDExPrivilegeIndicator/2.0
|-
|niefPCIICertificationIndicator
|PCII Certification Indicator
|https://nief.org/attribute-registry/attributes/user/gfipm/PCIICertificationIndicator/2.0
|-
|niefFICAMAssuranceLevelCode
|FICAM Assurance Level Code
|https://nief.org/attribute-registry/attributes/user/nief/FICAMAssuranceLevelCode/1.0
|}
|}


Revision as of 00:48, 6 May 2021

About

Just some notes about Shibboleth IDP4 based on discussions with Texas DPS.

Sample attribute-filter

   <AttributeFilterPolicy id="releaseAll">
       <PolicyRequirementRule xsi:type="ANY" />
       <AttributeRule attributeID="OrgId">
           <PermitValueRule xsi:type="ANY" />
       </AttributeRule>
       <AttributeRule attributeID="empname">
           <PermitValueRule xsi:type="ANY" />
       </AttributeRule>
       <AttributeRule attributeID="LocalId">
           <PermitValueRule xsi:type="ANY" />
       </AttributeRule>
       <AttributeRule attributeID="lastname">
           <PermitValueRule xsi:type="ANY" />
       </AttributeRule>
       <AttributeRule attributeID="firstname">
           <PermitValueRule xsi:type="ANY" />
       </AttributeRule>
       <AttributeRule attributeID="mail">
           <PermitValueRule xsi:type="ANY" />
       </AttributeRule>
       <AttributeRule attributeID="gfipmmail">
           <PermitValueRule xsi:type="ANY" />
       </AttributeRule>
       <AttributeRule attributeID="fedid">
           <PermitValueRule xsi:type="ANY" />
       </AttributeRule>
   </AttributeFilterPolicy>

Sample Attribute Definition

To Do: Create a NIEF Attribute Registry definition.

If you add the NIEF Attribute Defintions you can reference this table for the IDs to use within the Attribute Resolver:

Id Within attribute-resolver.xml Attribute Name URL
NIEF Mandatory
niefEmail Email Address Text https://nief.org/attribute-registry/attributes/user/gfipm/EmailAddressText/2.0
niefEmployer Employer Name https://nief.org/attribute-registry/attributes/user/gfipm/EmployerName/2.0
niefFedId Federation Id https://nief.org/attribute-registry/attributes/user/gfipm/FederationId/2.0
niefGivenName Given Name https://nief.org/attribute-registry/attributes/user/gfipm/GivenName/2.0
niefIdentityProviderId Identity Provider Id https://nief.org/attribute-registry/attributes/user/gfipm/IdentityProviderId/2.0
niefSurName Sur Name https://nief.org/attribute-registry/attributes/user/gfipm/SurName/2.0
niefTelephoneNumber Telephone Number https://nief.org/attribute-registry/attributes/user/gfipm/TelephoneNumber/2.0
niefIdentityProviderId Identity Provider Id https://nief.org/attribute-registry/attributes/user/nief/IdentityProviderId/1.0
niefUniqueSubjectId Unique Subject Id https://nief.org/attribute-registry/attributes/user/nief/UniqueSubjectId/1.0
NIEF Highly Recommended
nief28CFR 28 CFR Certification Indicator https://nief.org/attribute-registry/attributes/user/gfipm/28CFRCertificationIndicator/2.0
niefElectronicAuthenticationAssuranceLevelCode Electronic Authentication Assurance Level Code https://nief.org/attribute-registry/attributes/user/gfipm/ElectronicAuthenticationAssuranceLevelCode/2.0
niefORI Employer ORI https://nief.org/attribute-registry/attributes/user/gfipm/EmployerORI/2.0
niefEmployerOrganizationGeneralCategoryCode Employer Organization General Category Code https://nief.org/attribute-registry/attributes/user/gfipm/EmployerOrganizationGeneralCategoryCode/2.0
niefEmployerStateCode Employer State Code https://nief.org/attribute-registry/attributes/user/gfipm/EmployerStateCode/2.0
niefIdentityProofingAssuranceLevelCode Identity Proofing Assurance Level Code https://nief.org/attribute-registry/attributes/user/gfipm/IdentityProofingAssuranceLevelCode/2.0
niefPSO Public Safety Officer Indicator https://nief.org/attribute-registry/attributes/user/gfipm/PublicSafetyOfficerIndicator/2.0
niefSLEO Sworn Law Enforcement Officer Indicator https://nief.org/attribute-registry/attributes/user/gfipm/SwornLawEnforcementOfficerIndicator/2.0
niefAAL Authenticator Assurance Level https://nief.org/attribute-registry/attributes/user/nief/AuthenticatorAssuranceLevel/1.0
niefFAL Federation Assurance Level https://nief.org/attribute-registry/attributes/user/nief/FederationAssuranceLevel/1.0
niefIAL Identity Assurance Level https://nief.org/attribute-registry/attributes/user/nief/IdentityAssuranceLevel/1.0
NIEF Recommended
niefIntelligenceAnalystIndicator Intelligence Analyst Indicator https://nief.org/attribute-registry/attributes/user/nief/IntelligenceAnalystIndicator/1.0
niefCounterTerrorismDataSelfSearchHomePrivilegeIndicator Counter Terrorism Data Self Search Home Privilege Indicator https://nief.org/attribute-registry/attributes/user/gfipm/CounterTerrorismDataSelfSearchHomePrivilegeIndicator/2.0
niefCriminalHistoryDataSelfSearchHomePrivilegeIndicator Criminal History Data Self Search Home Privilege Indicator https://nief.org/attribute-registry/attributes/user/gfipm/CriminalHistoryDataSelfSearchHomePrivilegeIndicator/2.0
niefCriminalIntelligenceDataSelfSearchHomePrivilegeIndicator Criminal Intelligence Data Self Search Home Privilege Indicator https://nief.org/attribute-registry/attributes/user/gfipm/CriminalIntelligenceDataSelfSearchHomePrivilegeIndicator/2.0
niefCriminalInvestigativeDataSelfSearchHomePrivilegeIndicator Criminal Investigative Data Self Search Home Privilege Indicator https://nief.org/attribute-registry/attributes/user/gfipm/CriminalInvestigativeDataSelfSearchHomePrivilegeIndicator/2.0
niefDisplayName Display Name https://nief.org/attribute-registry/attributes/user/gfipm/DisplayName/2.0
niefGovernmentDataSelfSearchHomePrivilegeIndicator Government Data Self Search Home Privilege Indicator https://nief.org/attribute-registry/attributes/user/gfipm/GovernmentDataSelfSearchHomePrivilegeIndicator/2.0
niefLocalId Local Id https://nief.org/attribute-registry/attributes/user/gfipm/LocalId/2.0
niefNCICCertificationIndicator NCIC Certification Indicator https://nief.org/attribute-registry/attributes/user/gfipm/NCICCertificationIndicator/2.0
niefNDExPrivilegeIndicator NDEx Privilege Indicator https://nief.org/attribute-registry/attributes/user/gfipm/NDExPrivilegeIndicator/2.0
niefPCIICertificationIndicator PCII Certification Indicator https://nief.org/attribute-registry/attributes/user/gfipm/PCIICertificationIndicator/2.0
niefFICAMAssuranceLevelCode FICAM Assurance Level Code https://nief.org/attribute-registry/attributes/user/nief/FICAMAssuranceLevelCode/1.0

Quick Test, create a properties file per attribute in the attributes/custom directory: 

   id=gfipmmail
   transcoder=SAML2StringTranscoder
   saml2.name=gfipm:2.0:user:EmailAddressText

   id=firstname
   transcoder=SAML2StringTranscoder
   saml2.name=gfipm:2.0:user:GivenName

   id=lastname
   transcoder=SAML2StringTranscoder
   saml2.name=gfipm:2.0:user:SurName

GFIPM Reference Fed Metadata Provider

   <MetadataProvider id="HTTPMetadata"
                     xsi:type="FileBackedHTTPMetadataProvider"
                     backingFile="%{idp.home}/metadata/localCopyFromNIEFTestbed.xml"
                     metadataURL="https://ref.gfipm.net/gfipm-signed-ref-metadata.xml">
       <MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/gfipm-ca.pem" />
       <MetadataFilter xsi:type="EntityRole">
           <RetainedRole>md:SPSSODescriptor</RetainedRole>
       </MetadataFilter>
   </MetadataProvider>
Retrieved from "https://wiki.nief.org/index.php?title=Shibboleth_IDP4_Notes&oldid=251"