Shibboleth IDP4 Notes: Difference between revisions
Jump to navigation
Jump to search
Line 249: | Line 249: | ||
|} | |} | ||
== GFIPM Reference Fed Metadata Provider == | == GFIPM Reference Fed Metadata Provider == |
Revision as of 02:21, 6 May 2021
About
Just some notes about Shibboleth IDP4 based on discussions with Texas DPS.
Sample attribute-filter
The following attribute filter is designed to release all NIEF Mandatory, NIEF Highly Recommended, and NIEF Recommended attributes to all partners. It assumes the attributeIDs as defined within the NIEF Attribute Definitions for Shibboleth 4, seen below.
<AttributeFilterPolicy id="releaseAll"> <PolicyRequirementRule xsi:type="ANY" /> <AttributeRule attributeID="niefEmail"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefEmployer"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefFedId"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefGivenName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefIdentityProviderId"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefSurName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefTelephoneNumber"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefIdentityProviderId"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefUniqueSubjectId"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="nief28CFR"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefElectronicAuthenticationAssuranceLevelCode"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefORI"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefEmployerOrganizationGeneralCategoryCode"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefEmployerStateCode"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefIdentityProofingAssuranceLevelCode"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefPSO"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefSLEO"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefAAL"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefFAL"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefIAL"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefIntelligenceAnalystIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefCounterTerrorismDataSelfSearchHomePrivilegeIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefCriminalHistoryDataSelfSearchHomePrivilegeIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefCriminalIntelligenceDataSelfSearchHomePrivilegeIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefCriminalInvestigativeDataSelfSearchHomePrivilegeIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefDisplayName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefGovernmentDataSelfSearchHomePrivilegeIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefLocalId"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefNCICCertificationIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefNDExPrivilegeIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefPCIICertificationIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefFICAMAssuranceLevelCode"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> </AttributeFilterPolicy>
Attribute Definitions
Add the NIEF Attribute Defintions to your Shibboleth 4 IDP and then reference the below table when resolving NIEF attributes within the attribute-resolver.xml:
GFIPM Reference Fed Metadata Provider
<MetadataProvider id="HTTPMetadata" xsi:type="FileBackedHTTPMetadataProvider" backingFile="%{idp.home}/metadata/localCopyFromNIEFTestbed.xml" metadataURL="https://ref.gfipm.net/gfipm-signed-ref-metadata.xml"> <MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/gfipm-ca.pem" /> <MetadataFilter xsi:type="EntityRole"> <RetainedRole>md:SPSSODescriptor</RetainedRole> </MetadataFilter> </MetadataProvider>