Versions Compared

Old Version 10

changes.mady.by.user Pål Axelsson

Saved on

compared with

New Version 11

changes.mady.by.user Pål Axelsson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Värden för eduPersonScopedAffiliation följer användningen i SWAMID enlig ovan.
  • Alla medlemmar i gruppen "Anstallda" får member@hogskola.se och employee@hogskola.se. member@domän och employee@domän.
  • Alla medlemmar i gruppen "Studenter" får member@hogskola.se och student@hogskola.se. member@domän och student@domän.
  • Alla medlemmar i gruppen "OvrigaMedlemmar" får member@hogskola.se member@domän.
  • Alla medlemmar i gruppen "Alumner" får alumn@hogskola.se alumn@domän.
Känd begränsning:

  • Grupper i grupper fungerar inte.

    Code Block
    <resolver:AttributeDefinition xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              id="memberOf" dependencyOnly="true">
     <resolver:Dependency ref="myLDAP" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="Script" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              id="eduPersonScopedAffiliation">

    <!-- Dependency that provides the source attribute. -->
    <resolver:Dependency ref="memberOf" />

    <!-- SAML 1 and 2 encoders for the attribute. -->
    <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
		               name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" />
    <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
		               name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
                               friendlyName="eduPersonScopedAffiliation" />

    <!-- The script, wrapped in a CDATA section so that special XML characters don't need to be removed -->
    <Script><![CDATA[
        importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);

        // Create attribute to be returned from definition
        eduPersonAffiliation = new BasicAttribute("eduPersonScopedAffiliation");

        // If the user has group membership
        if (typeof memberOf != "undefined" && memberOf != null ){
            // The go through each group membership and add the appropriate affiliation
            // The IdP will remove duplicate values so we don't need to worry about that here
            for ( i = 0; i < memberOf.getValues().size(); i++ ){
                if (memberOf.getValues().get(i).equals("Anstallda")){
                    eduPersonAffiliation.getValues().add("member@hogskola.se");
                    eduPersonAffiliation.getValues().add("employee@hogskola.se");
                }
                if (memberOf.getValues().get(i).equals("Studenter")){
                    eduPersonAffiliation.getValues().add("member@hogskola.se");
                    eduPersonAffiliation.getValues().add("student@hogskola.se");
                }
                if (memberOf.getValues().get(i).equals("OvrigaMedlemmar")){
                    eduPersonAffiliation.getValues().add("member@hogskola.se");
                }
                if (memberOf.getValues().get(i).equals("Alumner") > 0){
                    eduPersonAffiliation.getValues().add("alumn@hogskola.se");
                }
            }
        }
    ]]></Script>
</resolver:AttributeDefinition>