Shibboleth IDP4 Notes: Difference between revisions
Jump to navigation
Jump to search
Line 40: | Line 40: | ||
!Attribute Name | !Attribute Name | ||
!URL | !URL | ||
|- | |||
!colspan="3"|NIEF Mandatory | |||
|- | |- | ||
|niefEmail | |niefEmail | ||
Line 76: | Line 78: | ||
|Unique Subject Id | |Unique Subject Id | ||
|https://nief.org/attribute-registry/attributes/user/nief/UniqueSubjectId/1.0 | |https://nief.org/attribute-registry/attributes/user/nief/UniqueSubjectId/1.0 | ||
|- | |||
!colspan="3"|NIEF Highly Recommended | |||
|- | |- | ||
|nief28CFR | |nief28CFR | ||
Line 88: | Line 92: | ||
|Employer ORI | |Employer ORI | ||
|https://nief.org/attribute-registry/attributes/user/gfipm/EmployerORI/2.0 | |https://nief.org/attribute-registry/attributes/user/gfipm/EmployerORI/2.0 | ||
|- | |||
|niefEmployerOrganizationGeneralCategoryCode | |||
|Employer Organization General Category Code | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/EmployerOrganizationGeneralCategoryCode/2.0 | |||
|- | |||
|niefEmployerStateCode | |||
|Employer State Code | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/EmployerStateCode/2.0 | |||
|- | |||
|niefIdentityProofingAssuranceLevelCode | |||
|Identity Proofing Assurance Level Code | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/IdentityProofingAssuranceLevelCode/2.0 | |||
|- | |||
|niefPSO | |||
|Public Safety Officer Indicator | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/PublicSafetyOfficerIndicator/2.0 | |||
|- | |||
|niefSLEO | |||
|Sworn Law Enforcement Officer Indicator | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/SwornLawEnforcementOfficerIndicator/2.0 | |||
|- | |||
|niefAAL | |||
|Authenticator Assurance Level | |||
|https://nief.org/attribute-registry/attributes/user/nief/AuthenticatorAssuranceLevel/1.0 | |||
|- | |||
|niefFAL | |||
|Federation Assurance Level | |||
|https://nief.org/attribute-registry/attributes/user/nief/FederationAssuranceLevel/1.0 | |||
|- | |||
|niefIAL | |||
|Identity Assurance Level | |||
|https://nief.org/attribute-registry/attributes/user/nief/IdentityAssuranceLevel/1.0 | |||
|- | |||
!colspan="3"|NIEF Recommended | |||
|- | |||
|niefIntelligenceAnalystIndicator | |||
|Intelligence Analyst Indicator | |||
|https://nief.org/attribute-registry/attributes/user/nief/IntelligenceAnalystIndicator/1.0 | |||
|- | |||
|niefCounterTerrorismDataSelfSearchHomePrivilegeIndicator | |||
|Counter Terrorism Data Self Search Home Privilege Indicator | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/CounterTerrorismDataSelfSearchHomePrivilegeIndicator/2.0 | |||
|- | |||
|niefCriminalHistoryDataSelfSearchHomePrivilegeIndicator | |||
|Criminal History Data Self Search Home Privilege Indicator | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/CriminalHistoryDataSelfSearchHomePrivilegeIndicator/2.0 | |||
|- | |||
|niefCriminalIntelligenceDataSelfSearchHomePrivilegeIndicator | |||
|Criminal Intelligence Data Self Search Home Privilege Indicator | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/CriminalIntelligenceDataSelfSearchHomePrivilegeIndicator/2.0 | |||
|- | |||
|niefCriminalInvestigativeDataSelfSearchHomePrivilegeIndicator | |||
|Criminal Investigative Data Self Search Home Privilege Indicator | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/CriminalInvestigativeDataSelfSearchHomePrivilegeIndicator/2.0 | |||
|- | |||
|niefDisplayName | |||
|Display Name | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/DisplayName/2.0 | |||
|- | |||
|niefGovernmentDataSelfSearchHomePrivilegeIndicator | |||
|Government Data Self Search Home Privilege Indicator | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/GovernmentDataSelfSearchHomePrivilegeIndicator/2.0 | |||
|- | |||
|niefLocalId | |||
|Local Id | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/LocalId/2.0 | |||
|- | |||
|niefNCICCertificationIndicator | |||
|NCIC Certification Indicator | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/NCICCertificationIndicator/2.0 | |||
|- | |||
|niefNDExPrivilegeIndicator | |||
|NDEx Privilege Indicator | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/NDExPrivilegeIndicator/2.0 | |||
|- | |||
|niefPCIICertificationIndicator | |||
|PCII Certification Indicator | |||
|https://nief.org/attribute-registry/attributes/user/gfipm/PCIICertificationIndicator/2.0 | |||
|- | |||
|niefFICAMAssuranceLevelCode | |||
|FICAM Assurance Level Code | |||
|https://nief.org/attribute-registry/attributes/user/nief/FICAMAssuranceLevelCode/1.0 | |||
|} | |} | ||
Revision as of 00:48, 6 May 2021
About
Just some notes about Shibboleth IDP4 based on discussions with Texas DPS.
Sample attribute-filter
<AttributeFilterPolicy id="releaseAll"> <PolicyRequirementRule xsi:type="ANY" /> <AttributeRule attributeID="OrgId"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="empname"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="LocalId"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="lastname"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="firstname"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="mail"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="gfipmmail"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="fedid"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> </AttributeFilterPolicy>
Sample Attribute Definition
To Do: Create a NIEF Attribute Registry definition.
If you add the NIEF Attribute Defintions you can reference this table for the IDs to use within the Attribute Resolver:
Quick Test, create a properties file per attribute in the attributes/custom directory:
id=gfipmmail transcoder=SAML2StringTranscoder saml2.name=gfipm:2.0:user:EmailAddressText
id=firstname transcoder=SAML2StringTranscoder saml2.name=gfipm:2.0:user:GivenName
id=lastname transcoder=SAML2StringTranscoder saml2.name=gfipm:2.0:user:SurName
GFIPM Reference Fed Metadata Provider
<MetadataProvider id="HTTPMetadata" xsi:type="FileBackedHTTPMetadataProvider" backingFile="%{idp.home}/metadata/localCopyFromNIEFTestbed.xml" metadataURL="https://ref.gfipm.net/gfipm-signed-ref-metadata.xml"> <MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/gfipm-ca.pem" /> <MetadataFilter xsi:type="EntityRole"> <RetainedRole>md:SPSSODescriptor</RetainedRole> </MetadataFilter> </MetadataProvider>