Shibboleth IDP4 Notes: Difference between revisions
| Line 39: | Line 39: | ||
!Id | !Id | ||
!Attribute | !Attribute | ||
!URL | |||
|- | |- | ||
| | |niefEmail | ||
| | |Email Address Text | ||
|https://nief.org/attribute-registry/attributes/user/gfipm/EmailAddressText/2.0 | |||
|- | |||
|niefEmployer | |||
|Employer Name | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/EmployerName/2.0 | |||
|- | |||
|niefFedId | |||
|Federation Id | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/FederationId/2.0 | |||
|- | |||
|niefGivenName | |||
|Given Name | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/GivenName/2.0 | |||
|- | |||
|niefIdentityProviderId | |||
|Identity Provider Id | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/IdentityProviderId/2.0 | |||
|- | |||
|niefSurName | |||
|Sur Name | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/SurName/2.0 | |||
|- | |||
|niefTelephoneNumber | |||
|Telephone Number | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/TelephoneNumber/2.0 | |||
|- | |||
|niefIdentityProviderId | |||
|Identity Provider Id | |||
|https://nief.org/attribute-registry/attributes/user/nief/IdentityProviderId/1.0 | |||
|- | |||
|niefUniqueSubjectId | |||
|Unique Subject Id | |||
|https://nief.org/attribute-registry/attributes/user/nief/UniqueSubjectId/1.0 | |||
|- | |||
|nief28CFR | |||
|28 CFR Certification Indicator | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/28CFRCertificationIndicator/2.0 | |||
|- | |||
|niefElectronicAuthenticationAssuranceLevelCode | |||
|Electronic Authentication Assurance Level Code | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/ElectronicAuthenticationAssuranceLevelCode/2.0 | |||
|- | |||
|niefORI | |||
|Employer ORI | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/EmployerORI/2.0 | |||
|} | |} | ||
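Review bot: the Id niefIdentityProviderId is used on two of the added rows, once for .../user/gfipm/IdentityProviderId/2.0 and once for .../user/nief/IdentityProviderId/1.0. The page says these IDs are to be used within the Attribute Resolver, so two rows sharing one Id cannot be told apart there. Give one of the two rows a distinct Id, for example one that reflects the gfipm or nief path segment of its URL. The first added row also leaves the old-revision cells empty ("| | |niefEmail"), which is fine, but it is worth confirming that the rendered table has all three columns filled for every row.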
Revision as of 00:42, 6 May 2021
About
Just some notes about Shibboleth IDP4 based on discussions with Texas DPS.
Sample attribute-filter
<!-- PolicyRequirementRule xsi:type="ANY" applies this policy to every relying party,
     so each attribute listed below is released to all SPs. -->
<AttributeFilterPolicy id="releaseAll">
    <PolicyRequirementRule xsi:type="ANY" />
    <AttributeRule attributeID="OrgId">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="empname">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="LocalId">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="lastname">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="firstname">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="mail">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="gfipmmail">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="fedid">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
</AttributeFilterPolicy>
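An added example, not part of the original notes or of Shibboleth itself: a small Python check that lists the attributes a filter file releases to every relying party, as the releaseAll policy above does. The wrapper element with its namespace declarations, the scopedToOneSP policy and its entityID are constructed for the sample.

```python
import xml.etree.ElementTree as ET

AFP = "{urn:mace:shibboleth:2.0:afp}"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: a shortened copy of the releaseAll policy plus a
# hypothetical policy limited to one relying party (placeholder entityID).
SAMPLE = """<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeFilterPolicy id="releaseAll">
    <PolicyRequirementRule xsi:type="ANY" />
    <AttributeRule attributeID="gfipmmail"><PermitValueRule xsi:type="ANY" /></AttributeRule>
    <AttributeRule attributeID="fedid"><PermitValueRule xsi:type="ANY" /></AttributeRule>
  </AttributeFilterPolicy>
  <AttributeFilterPolicy id="scopedToOneSP">
    <PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org/shibboleth" />
    <AttributeRule attributeID="mail"><PermitValueRule xsi:type="ANY" /></AttributeRule>
  </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>"""


def local_type(value):
    """Drop an optional namespace prefix from an xsi:type value ('afp:ANY' -> 'ANY')."""
    return (value or "").split(":")[-1]


def unscoped_releases(xml_text):
    """Return {policy id: [attributeID, ...]} for policies that apply to every requester."""
    root = ET.fromstring(xml_text)
    findings = {}
    for policy in root.iter(AFP + "AttributeFilterPolicy"):
        req = policy.find(AFP + "PolicyRequirementRule")
        if req is None or local_type(req.get(XSI_TYPE)) != "ANY":
            continue  # limited by some condition (Requester, AND/OR, ...): not flagged
        released = [rule.get("attributeID")
                    for rule in policy.findall(AFP + "AttributeRule")
                    if rule.find(AFP + "PermitValueRule") is not None]
        if released:
            findings[policy.get("id")] = released
    return findings


if __name__ == "__main__":
    for policy_id, attrs in unscoped_releases(SAMPLE).items():
        print(f"{policy_id}: released to ALL relying parties -> {', '.join(attrs)}")
```

The check only looks at the top-level PolicyRequirementRule; an ANY rule nested inside an AND or OR rule is not evaluated.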
Sample Attribute Definition
To Do: Create a NIEF Attribute Registry definition.
If you add the NIEF Attribute Definitions, you can reference this table for the IDs to use within the Attribute Resolver:
Quick test: create one properties file per attribute in the attributes/custom directory (three files shown, separated by blank lines):
id=gfipmmail
transcoder=SAML2StringTranscoder
saml2.name=gfipm:2.0:user:EmailAddressText

id=firstname
transcoder=SAML2StringTranscoder
saml2.name=gfipm:2.0:user:GivenName

id=lastname
transcoder=SAML2StringTranscoder
saml2.name=gfipm:2.0:user:SurName
GFIPM Reference Fed Metadata Provider
<MetadataProvider id="HTTPMetadata"
                  xsi:type="FileBackedHTTPMetadataProvider"
                  backingFile="%{idp.home}/metadata/localCopyFromNIEFTestbed.xml"
                  metadataURL="https://ref.gfipm.net/gfipm-signed-ref-metadata.xml">
    <!-- Verify the signature on the downloaded metadata against the GFIPM CA certificate -->
    <MetadataFilter xsi:type="SignatureValidation"
                    certificateFile="%{idp.home}/credentials/gfipm-ca.pem" />
    <!-- Keep only service provider role descriptors -->
    <MetadataFilter xsi:type="EntityRole">
        <RetainedRole>md:SPSSODescriptor</RetainedRole>
    </MetadataFilter>
</MetadataProvider>