...

The Identity Provider uses the attribute eduPersonAssurance to assert the logged-in user's assurance profile. Note that the Identity Provider must not indicate any assurance profile other than those it is approved for. Signaling the user's assurance profile via the attribute eduPersonAssurance means that the user verification fulfills all parts of the asserted assurance profile. Attribute mapping for eduPersonAssurance is defined as assurance in Configure Shibboleth SP - attribute-map.xml.

  • An Identity Provider that has an assurance certification in metadata for SWAMID AL2 is allowed to assert that a user is approved for SWAMID AL2 or SWAMID AL1.
  • An Identity Provider that has an assurance certification in metadata for SWAMID AL1 is allowed to assert that a user is approved for SWAMID AL1.
  • An Identity Provider that has no assurance certification in metadata is not allowed to assert that a user is approved for a SWAMID assurance profile.

...

If the web application needs to check whether a user is approved for an assurance profile, the application needs to check the approved assurance profiles for both the user and the Identity Provider used, as described in the bullet list in this document. Attribute mapping for eduPersonAssurance is defined in Configure Shibboleth SP - attribute-map.xml.
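
One way a web application could implement this two-sided check, as an added example that is not part of the original page or of SWAMID's own code. The profile URIs are assumed identifiers, and the function parameters stand for the `assurance` attribute string and the Identity Provider's metadata certification string however your SP exposes them.

```python
import re

# Assumed SWAMID profile identifiers (not given on this page).
AL1 = "http://www.swamid.se/policy/assurance/al1"
AL2 = "http://www.swamid.se/policy/assurance/al2"

# What an IdP may assert, keyed by the certification in its metadata
# (mirrors the list of rules above).
MAY_ASSERT = {AL2: {AL1, AL2}, AL1: {AL1}}


def split_values(raw):
    """Split a Shibboleth SP multi-valued attribute string.

    The SP joins values with ';' and escapes a literal ';' as '\\;'.
    """
    if not raw:
        return set()
    parts = re.split(r"(?<!\\);", raw)
    return {p.replace("\\;", ";").strip() for p in parts if p.strip()}


def approved_profiles(user_assurance, idp_certification):
    """Return the asserted profiles that the IdP is allowed to assert."""
    allowed = set()
    for cert in split_values(idp_certification):
        allowed |= MAY_ASSERT.get(cert, set())
    # Values the IdP is not certified for are dropped, not trusted.
    return split_values(user_assurance) & allowed


def user_meets(required, user_assurance, idp_certification):
    """True only if both the user and the IdP are approved for `required`."""
    return required in approved_profiles(user_assurance, idp_certification)


if __name__ == "__main__":
    # Constructed sample values: the IdP asserts AL1 and AL2 for the user.
    asserted = AL1 + ";" + AL2
    print(user_meets(AL2, asserted, AL1))   # IdP only certified for AL1
    print(user_meets(AL1, asserted, AL1))
    print(user_meets(AL2, asserted, AL2))
    print(user_meets(AL1, asserted, None))  # IdP has no certification
```

The check fails closed: a missing attribute, a missing certification, or an unknown profile value all result in no approved profile.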