Shibboleth IDP4 Notes: Difference between revisions
Jump to navigation
Jump to search
Line 3: | Line 3: | ||
== Sample attribute-filter == | == Sample attribute-filter == | ||
The following attribute filter is designed to release all NIEF Mandatory, NIEF Highly Recommended, and NIEF Recommended attributes to all partners. It assumes the attributeIDs as defined within the NIEF Attribute Definitions for Shibboleth 4, seen below. | |||
<AttributeFilterPolicy id="releaseAll"> | <AttributeFilterPolicy id="releaseAll"> |
Revision as of 02:18, 6 May 2021
About
Just some notes about Shibboleth IDP4 based on discussions with Texas DPS.
Sample attribute-filter
The following attribute filter is designed to release all NIEF Mandatory, NIEF Highly Recommended, and NIEF Recommended attributes to all partners. It assumes the attributeIDs as defined within the NIEF Attribute Definitions for Shibboleth 4, seen below.
<AttributeFilterPolicy id="releaseAll"> <PolicyRequirementRule xsi:type="ANY" /> <AttributeRule attributeID="niefEmail"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefEmployer"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefFedId"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefGivenName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefIdentityProviderId"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefSurName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefTelephoneNumber"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefIdentityProviderId"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefUniqueSubjectId"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="nief28CFR"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefElectronicAuthenticationAssuranceLevelCode"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefORI"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefEmployerOrganizationGeneralCategoryCode"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefEmployerStateCode"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefIdentityProofingAssuranceLevelCode"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefPSO"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefSLEO"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefAAL"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefFAL"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefIAL"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefIntelligenceAnalystIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefCounterTerrorismDataSelfSearchHomePrivilegeIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefCriminalHistoryDataSelfSearchHomePrivilegeIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefCriminalIntelligenceDataSelfSearchHomePrivilegeIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefCriminalInvestigativeDataSelfSearchHomePrivilegeIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefDisplayName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefGovernmentDataSelfSearchHomePrivilegeIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefLocalId"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefNCICCertificationIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefNDExPrivilegeIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefPCIICertificationIndicator"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="niefFICAMAssuranceLevelCode"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> </AttributeFilterPolicy>
Sample Attribute Definition
To Do: Create a NIEF Attribute Registry definition.
If you add the NIEF Attribute Defintions you can reference this table for the IDs to use within the Attribute Resolver:
Quick Test, create a properties file per attribute in the attributes/custom directory:
id=gfipmmail transcoder=SAML2StringTranscoder saml2.name=gfipm:2.0:user:EmailAddressText
id=firstname transcoder=SAML2StringTranscoder saml2.name=gfipm:2.0:user:GivenName
id=lastname transcoder=SAML2StringTranscoder saml2.name=gfipm:2.0:user:SurName
GFIPM Reference Fed Metadata Provider
<MetadataProvider id="HTTPMetadata" xsi:type="FileBackedHTTPMetadataProvider" backingFile="%{idp.home}/metadata/localCopyFromNIEFTestbed.xml" metadataURL="https://ref.gfipm.net/gfipm-signed-ref-metadata.xml"> <MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/gfipm-ca.pem" /> <MetadataFilter xsi:type="EntityRole"> <RetainedRole>md:SPSSODescriptor</RetainedRole> </MetadataFilter> </MetadataProvider>