Versions Compared

Old Version 36

changes.mady.by.user Pål Axelsson

Saved on

compared with

New Version Current

changes.mady.by.user Fredrik Domeij

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To get the approved assurance profiles from metadata you need to activate the Metadata Attribute Extraction extension in Shibboleth SP. This is done by extending the ApplicationDefaults tag in shibboleth2.xml by adding metadataAttributePrefix="Meta-" after REMOTE_USER="..." and the AttributeExtractor tag with type Metadata and specifying errorURL, DisplayName and registrationAuthority, see example. This is a standard example in the file example-shibboleth2.xml in later versions of Shibboleth SP. It is also included in the example files at SWAMID Configure Shibboleth SP - SWAMID-shibboleth2.xml

Code Block
languagexml
titleExample ApplicationDefaults in shibboleth2.xml
<ApplicationDefaults
    entityID="https://example.com/shibboleth"
    REMOTE_USER="eppn persistent-id targeted-id"
    metadataAttributePrefix="Meta-">


Code Block
languagexml
titleExample AttributeExtractor in shibboleth2.xml
<!-- Extracts support information for IdP from its metadata. -->
<AttributeExtractor type="Metadata" errorURL="errorURL" DisplayName="displayName" registrationAuthority="registrationAuthority"/>


Info
titleImportant information
Please note that you may get to many headers after activating this extension. If you do, please remove all unused attributes from attribute-map.xml or modify backend header limits (LimitRequestFields/LimitRequestFieldSize in Apache HTTPD Server, maxHeaderCount/maxHttpHeaderSize in Apache Tomcat Connectors).

...