Versions Compared

Old Version 19

changes.mady.by.user Pål Axelsson

Saved on

compared with

New Version 20

changes.mady.by.user Pål Axelsson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
<!-- Country name and country ISO-3166 code plus academic organisational information -->
<Attribute name="urn:mace:dir:attribute-def:co" id="friendlyCountryName"/>
<Attribute name="urn:mace:dir:attribute-def:c" id="countryName"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.43" id="friendlyCountryName"/>
<Attribute name="urn:oid:2.5.4.6" id="countryName"/>
<Attribute name="urn:oid:1.3.6.1.4.1.2428.90.1.6" id="norEduOrgAcronym" />
<Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.9" id="schacHomeOrganization"/>

<Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.9" id="schacHomeOrganizationType"/>

Konfiguration för Shibboleth 2.x IdP

...

  • Konfigurerar en statisk datakälla
  • Konfigurerar attributrelease för attributen
  • Konfigurerar attributfilter för SWAMID och Kalmar2

Lägg till följande i avsnittet Data Connectors i attribute-resolver.xml:

...

Code Block
<!-- Static data connector -->
<resolver:DataConnector id="staticAttributes" xsi:type="dc:Static" xmlns="urn:mace:shibboleth:2.0:resolver:dc">
    <Attribute id="o">
        <Value>Lärosäte X</Value>
    </Attribute>
    <Attribute id="norEduOrgAcronym">
        <Value>XX</Value>
    </Attribute>
    <Attribute id="c">
        <Value>SE</Value>
    </Attribute>
    <Attribute id="co">
        <Value>Sweden</Value>
    </Attribute>
    <Attribute id="schacHomeOrganization">
        <Value>domän.se</Value>
    </Attribute>
    <Attribute id="schacHomeOrganizationType">
        <Value>urn:schac:homeOrganizationType:eu:higherEducationalInstitution</Value>
        <!-- Detta värde är för universitet och högskolor, övriga tillåtna värden är:
             - urn:schac:homeOrganizationType:eu:educationalInstitution
             - urn:schac:homeOrganizationType:int:NREN
             - urn:schac:homeOrganizationType:int:universityHospital
             - urn:schac:homeOrganizationType:int:NRENAffiliate
             - urn:schac:homeOrganizationType:int:other -->
    </Attribute>
</resolver:DataConnector>

Lägg till eller ändra följande i avsnittet Attribute definitions i attribute-resolver.xml:

...

Code Block
<!-- Organizational name -->
    <resolver:AttributeDefinition id="organizationName" xsi:type="Simple"
        xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="o">
    <resolver:Dependency ref="staticAttributes" />
    <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:mace:dir:attribute-def:o" />
    <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:oid:2.5.4.10" friendlyName="o" />
</resolver:AttributeDefinition>

<!-- Organizational acronym -->
    <resolver:AttributeDefinition id="norEduOrgAcronym" xsi:type="Simple"
        xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="norEduOrgAcronym">
    <resolver:Dependency ref="staticAttributes" />
    <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:mace:dir:attribute-def:norEduOrgAcronym" />
    <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:oid:1.3.6.1.4.1.2428.90.1.6" friendlyName="norEduOrgAcronym" />
</resolver:AttributeDefinition>

<!-- Country name -->
    <resolver:AttributeDefinition id="friendlyCountryName" xsi:type="Simple"
        xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="co">
    <resolver:Dependency ref="staticAttributes" />
    <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:mace:dir:attribute-def:co" />
    <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:oid:0.9.2342.19200300.100.1.43" friendlyName="co" />
</resolver:AttributeDefinition>

<!-- Country ISO-3166 code -->
    <resolver:AttributeDefinition id="countryName" xsi:type="Simple"
        xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="c">
    <resolver:Dependency ref="staticAttributes" />
    <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:mace:dir:attribute-def:c" />
    <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:oid:2.5.4.6" friendlyName="c" />
</resolver:AttributeDefinition>

<!-- schacHomeOrganization main domain -->
    <resolver:AttributeDefinition id="schacHomeOrganization" xsi:type="Simple"
        xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="schacHomeOrganization">
    <resolver:Dependency ref="staticAttributes" />
    <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:mace:dir:attribute-def:schacHomeOrganization" />
    <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:oid:1.3.6.1.4.1.25178.1.2.9" friendlyName="schacHomeOrganization" />
</resolver:AttributeDefinition>

Lägg till följande i attributrelase för SWAMID i attribute-filter.xml:

I exempelfilen för entitetsbaserad attributrelease finns användningen av de statiska organisationsfiltren definierad. Om ni inte använder entitetsbaserad attributrelease kan ni använda nedanstående konfigurationer där ni vill släppa ut attributen.

Code Block
<AttributeRule attributeID="organizationName">
    <PermitValueRule xsi:type="basic:ANY" />
</AttributeRule>
<AttributeRule attributeID="norEduOrgAcronym"
 
<!-- schacHomeOrganization type -->
    <resolver:AttributeDefinition id="schacHomeOrganizationType" xsi:type="Simple"
        xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="schacHomeOrganization">
    <resolver:Dependency ref="staticAttributes" />
    <PermitValueRule<resolver:AttributeEncoder xsi:type="basic:ANYSAML1String" />
</AttributeRule>
<AttributeRule attributeID="countryName">
xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
        <PermitValueRule xsi:type="basic:ANY    name="urn:mace:dir:attribute-def:schacHomeOrganizationType" />
</AttributeRule>
<AttributeRule attributeID="friendlyCountryName">
    <PermitValueRule<resolver:AttributeEncoder xsi:type="basic:ANYSAML2String" />
</AttributeRule>
<AttributeRule attributeID="schacHomeOrganization">
xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
         <PermitValueRule xsi:type="basic:ANY   name="urn:oid:1.3.6.1.4.1.25178.1.2.10" friendlyName="schacHomeOrganization" />
</AttributeRule>
resolver:AttributeDefinition>

Lägg till följande i attributrelase för SWAMID i attribute-filter.xml:

I exempelfilen för entitetsbaserad attributrelease finns användningen av de statiska organisationsfiltren definierad.