...
To get the approved assurance profiles from metadata you need to activate the Metadata Attribute Extraction extension i Shibboleth SP. This is done the ApplicationDefaults tag in Shibboleth2.xml by adding metadataAttributePrefix="Shib-Meta-" after REMOTE_USER="...", se example below.
| Code Block | ||||
|---|---|---|---|---|
| ||||
<ApplicationDefaults
id="default" policyId="default"
entityID="default"
REMOTE_USER="eppn persistent-id targeted-id"
metadataAttributePrefix="Shib-Meta-"
signing="false" encryption="false"> |
...
Next step is to make approved assurance levels available in the application. This is done atribute-map.xml the same way as normal Identity Provider asserted attributes.
| Code Block | ||||
|---|---|---|---|---|
| ||||
<Attribute name="urn:oasis:names:tc:SAML:attribute:assurance-certification" id="Assurance-Certification"/> |
...