Shibboleth IDP4 Notes: Difference between revisions
Revision as of 21:06, 5 May 2021
About
Just some notes about Shibboleth IDP4 based on discussions with Texas DPS.
Sample attribute-filter
<AttributeFilterPolicy id="releaseAll">
    <PolicyRequirementRule xsi:type="ANY" />
    <AttributeRule attributeID="OrgId">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="empname">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="LocalId">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="lastname">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="firstname">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="mail">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="gfipmmail">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="fedid">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
</AttributeFilterPolicy>
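The releaseAll policy above has a PolicyRequirementRule of ANY, so every listed attribute is released to every SP the IdP holds metadata for. As an added example (not from these notes or from Shibboleth itself), a small Python audit that parses an attribute-filter file and reports such unscoped policies; the embedded sample is constructed, and the groupID in it is a placeholder, not a real NIEF/GFIPM group identifier.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample, not from the notes: the releaseAll policy (trimmed to
# two attributes) next to a policy scoped to one entity group. The groupID
# is a placeholder, not a real NIEF/GFIPM group identifier.
SAMPLE_FILTER = """<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeFilterPolicy id="releaseAll">
    <PolicyRequirementRule xsi:type="ANY" />
    <AttributeRule attributeID="fedid"><PermitValueRule xsi:type="ANY" /></AttributeRule>
    <AttributeRule attributeID="mail"><PermitValueRule xsi:type="ANY" /></AttributeRule>
  </AttributeFilterPolicy>
  <AttributeFilterPolicy id="releaseToGroup">
    <PolicyRequirementRule xsi:type="InEntityGroup" groupID="urn:example:placeholder-group" />
    <AttributeRule attributeID="fedid"><PermitValueRule xsi:type="ANY" /></AttributeRule>
  </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>"""


def local_name(tag):
    """Drop the {namespace} prefix so the audit works on bare fragments too."""
    return tag.rsplit("}", 1)[-1]


def audit_release_policies(xml_text):
    """Map each AttributeFilterPolicy id to (requirement rule xsi:type,
    [attributeIDs it releases]) so release scope can be reviewed."""
    policies = {}
    for node in ET.fromstring(xml_text).iter():
        if local_name(node.tag) != "AttributeFilterPolicy":
            continue
        rule_type, attrs = None, []
        for child in node:
            if local_name(child.tag) == "PolicyRequirementRule":
                rule_type = child.get(XSI_TYPE)
            elif local_name(child.tag) == "AttributeRule":
                attrs.append(child.get("attributeID"))
        policies[node.get("id")] = (rule_type, attrs)
    return policies


def unscoped_policies(xml_text):
    """Ids of policies whose requirement rule is ANY: their attributes go to
    every SP present in the IdP's metadata, not only the federation's."""
    return [pid for pid, (rule, _) in audit_release_policies(xml_text).items()
            if rule == "ANY"]
```

Run it against conf/attribute-filter.xml after the GFIPM metadata provider is added, since that is the point at which "any SP in metadata" starts to include the whole reference federation.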
Sample Attribute Definition
To Do: Create a NIEF Attribute Registry definition.
Quick test: create one properties file per attribute in the attributes/custom directory:

id=gfipmmail
transcoder=SAML2StringTranscoder
saml2.name=gfipm:2.0:user:EmailAddressText

id=firstname
transcoder=SAML2StringTranscoder
saml2.name=gfipm:2.0:user:GivenName

id=lastname
transcoder=SAML2StringTranscoder
saml2.name=gfipm:2.0:user:SurName
GFIPM Reference Fed Metadata Provider
<MetadataProvider id="HTTPMetadata"
    xsi:type="FileBackedHTTPMetadataProvider"
    backingFile="%{idp.home}/metadata/localCopyFromNIEFTestbed.xml"
    metadataURL="https://ref.gfipm.net/gfipm-signed-ref-metadata.xml">
    <MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/gfipm-ca.pem" />
    <MetadataFilter xsi:type="EntityRole">
        <RetainedRole>md:SPSSODescriptor</RetainedRole>
    </MetadataFilter>
</MetadataProvider>