Versions Compared

Old Version 27

changes.mady.by.user Fredrik Domeij

Saved on

compared with

New Version 28

changes.mady.by.user Hans Nordlöf

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To get the approved assurance profiles from metadata you need to activate the Metadata Attribute Extraction extension in Shibboleth SP. This is done by extending the ApplicationDefaults tag in Shibboleth2.xml by adding metadataAttributePrefix="Meta-" after REMOTE_USER="...", see example. This is a standard example in the file example-shibboleth2.xml in later versions of Shibboleth SP. It is also included in the SWAMID Configure Shibboleth SP - SWAMID-shibboleth2.xml

Code Block
languagexml
titleExample ApplicationDefaults in shibboleth2.xml
<ApplicationDefaults
    entityID="https://example.com/shibboleth"
    REMOTE_USER="eppn persistent-id targeted-id"
    metadataAttributePrefix="Meta-">

...

Next step is to make approved assurance levels available in the application. This is done attribute-map.xml the same way as normal Identity Provider asserted attributes. It is also included in Configure Shibboleth SP - attribute-map.xml

Code Block
languagexml
titleDefinition of metadata assurance certification attribute in attribute-map.xml
<Attribute name="urn:oasis:names:tc:SAML:attribute:assurance-certification" id="Assurance-Certification"/>

...