...
To get the approved assurance profiles from metadata you need to activate the Metadata Attribute Extraction extension i Shibboleth SP. This is done the ApplicationDefaults tag in Shibboleth2.xml by adding metadataAttributePrefix="Shib-Meta-" after REMOTE_USER="...", se example below.
Code Block | ||||
---|---|---|---|---|
| ||||
<ApplicationDefaults id="default" policyId="default" entityID="default" REMOTE_USER="eppn persistent-id targeted-id" metadataAttributePrefix="Shib-Meta-" signing="false" encryption="false"> |
...
Next step is to make approved assurance levels available in the application. This is done atribute-map.xml the same way as normal Identity Provider asserted attributes.
Code Block | ||||
---|---|---|---|---|
| ||||
<Attribute name="urn:oasis:names:tc:SAML:attribute:assurance-certification" id="Assurance-Certification"/> |
...