Shibboleth IDP4 Notes: Difference between revisions
Line 6: | Line 6: | ||
<AttributeFilterPolicy id="releaseAll"> | <AttributeFilterPolicy id="releaseAll"> | ||
<PolicyRequirementRule xsi:type="ANY" /> | <PolicyRequirementRule xsi:type="ANY" /> | ||
<AttributeRule attributeID="niefEmail"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefEmployer"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefFedId"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefGivenName"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefIdentityProviderId"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefSurName"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefTelephoneNumber"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefIdentityProviderId"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefUniqueSubjectId"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="nief28CFR"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefElectronicAuthenticationAssuranceLevelCode"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefORI"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefEmployerOrganizationGeneralCategoryCode"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefEmployerStateCode"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefIdentityProofingAssuranceLevelCode"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefPSO"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefSLEO"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefAAL"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefFAL"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefIAL"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefIntelligenceAnalystIndicator"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefCounterTerrorismDataSelfSearchHomePrivilegeIndicator"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefCriminalHistoryDataSelfSearchHomePrivilegeIndicator"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefCriminalIntelligenceDataSelfSearchHomePrivilegeIndicator"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefCriminalInvestigativeDataSelfSearchHomePrivilegeIndicator"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefDisplayName"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefGovernmentDataSelfSearchHomePrivilegeIndicator"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefLocalId"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefNCICCertificationIndicator"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefNDExPrivilegeIndicator"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefPCIICertificationIndicator"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeRule> <AttributeRule attributeID="niefFICAMAssuranceLevelCode"> | |||
<PermitValueRule xsi:type="ANY" /> | |||
</AttributeFilterPolicy> | </AttributeFilterPolicy> | ||
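Review bot: The new side closes `</AttributeFilterPolicy>` on the last line while the `niefFICAMAssuranceLevelCode` rule opened two lines earlier is never closed, so the added XML is not well-formed and the IdP will refuse to load the filter file; add `</AttributeRule>` before `</AttributeFilterPolicy>`. The `niefIdentityProviderId` rule also appears twice in the added block (once after `niefGivenName`, again after `niefTelephoneNumber`); the second copy is redundant and can be dropped. More importantly, the policy keeps `<PolicyRequirementRule xsi:type="ANY" />`, so every listed attribute, including e-mail, telephone number, local ID and the criminal-history/intelligence privilege indicators, is released to every relying party the IdP trusts; before production use, scope it with a `Requester` or entity-attribute based rule and keep `releaseAll` for test only. The enclosing `AttributeFilterPolicyGroup` starts before this hunk, so its namespace declarations are not visible here.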
Revision as of 00:59, 6 May 2021
About
Just some notes about Shibboleth IDP4 based on discussions with Texas DPS.
Sample attribute-filter
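<!--
  Sample release policy for the NIEF/GFIPM attribute set.

  NOTE(review): PolicyRequirementRule "ANY" matches every requester, so every
  attribute permitted below is released to EVERY relying party the IdP trusts.
  Several of these values are sensitive (e-mail, telephone number, local ID,
  criminal-history / intelligence privilege indicators).  Before production
  use, scope this policy to the intended SP(s), e.g.
  <PolicyRequirementRule xsi:type="Requester" value="SP entityID here" />
  or an entity-attribute based rule, and keep "releaseAll" for testing only.

  Fixes versus the earlier draft: the final AttributeRule was never closed
  (the file was not well-formed), and niefIdentityProviderId was listed twice.
-->
<AttributeFilterPolicy id="releaseAll">
    <PolicyRequirementRule xsi:type="ANY" />

    <!-- Identity / contact attributes -->
    <AttributeRule attributeID="niefEmail">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefEmployer">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefFedId">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefGivenName">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefIdentityProviderId">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefSurName">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefTelephoneNumber">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefUniqueSubjectId">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="nief28CFR">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>

    <!-- Assurance-level codes -->
    <AttributeRule attributeID="niefElectronicAuthenticationAssuranceLevelCode">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefORI">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefEmployerOrganizationGeneralCategoryCode">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefEmployerStateCode">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefIdentityProofingAssuranceLevelCode">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefPSO">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefSLEO">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefAAL">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefFAL">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefIAL">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>

    <!-- Privilege / certification indicators: these gate access to law
         enforcement data sets and are the most sensitive values here. -->
    <AttributeRule attributeID="niefIntelligenceAnalystIndicator">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefCounterTerrorismDataSelfSearchHomePrivilegeIndicator">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefCriminalHistoryDataSelfSearchHomePrivilegeIndicator">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefCriminalIntelligenceDataSelfSearchHomePrivilegeIndicator">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefCriminalInvestigativeDataSelfSearchHomePrivilegeIndicator">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefDisplayName">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefGovernmentDataSelfSearchHomePrivilegeIndicator">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefLocalId">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefNCICCertificationIndicator">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefNDExPrivilegeIndicator">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefPCIICertificationIndicator">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="niefFICAMAssuranceLevelCode">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
</AttributeFilterPolicy>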
Sample Attribute Definition
To Do: Create a NIEF Attribute Registry definition.
If you add the NIEF Attribute Definitions, you can reference the NIEF Attribute Registry table for the IDs to use within the Attribute Resolver (the table has not been reproduced here yet; see the To Do above):
Quick test: create one `.properties` file per attribute in the `attributes/custom` directory, with one key per line:
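# Each rule is its own file; the keys below are one per line.  (Collapsing a
# rule onto a single line, as the wiki rendering did, would make everything
# after "id=" part of the id value and the rule would never match.)
# NOTE(review): no saml2.nameFormat is set, so the transcoder default applies;
# confirm it matches the format the GFIPM SPs expect for these names.

# attributes/custom/gfipmmail.properties
id=gfipmmail
transcoder=SAML2StringTranscoder
saml2.name=gfipm:2.0:user:EmailAddressText

# attributes/custom/firstname.properties
id=firstname
transcoder=SAML2StringTranscoder
saml2.name=gfipm:2.0:user:GivenName

# attributes/custom/lastname.properties
id=lastname
transcoder=SAML2StringTranscoder
saml2.name=gfipm:2.0:user:SurName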
GFIPM Reference Fed Metadata Provider
<MetadataProvider id="HTTPMetadata" xsi:type="FileBackedHTTPMetadataProvider" backingFile="%{idp.home}/metadata/localCopyFromNIEFTestbed.xml" metadataURL="https://ref.gfipm.net/gfipm-signed-ref-metadata.xml"> <MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/gfipm-ca.pem" /> <MetadataFilter xsi:type="EntityRole"> <RetainedRole>md:SPSSODescriptor</RetainedRole> </MetadataFilter> </MetadataProvider>