configure SP for authentication and attribute retrieval

Tonu Mikk tmikk at umn.edu
Tue Sep 6 21:48:08 BST 2011


Hello,

I would like to configure our SP for authentication and also attribute
retrieval.  A user would authenticate and upon successful authentication the
web server would have access to some additional attributes.

So far I have configured shibboleth2.xml and the metadata file to work with our
IdP and provide authentication.  I am now looking to configure these two
files so that I can retrieve attributes.   Do I need to create a new entity
ID in order to retrieve attributes?  The virtual host for both
authentication and retrieval of attributes is the same.  If I need an
additional entity ID, could I rely on the second example from the
NativeSPApplication page:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplication ?

For metadata configuration I am referencing this guide:
https://wiki.shibboleth.net/confluence/display/SHIB2/MetadataForSP#MetadataForSP-AssertionConsumerServices

I understand that I would need to manually create entries like this in the
metadata.  How would I know the Name and NameFormat that I would need to
reference?


    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Sample Service</md:ServiceName>
      <md:ServiceDescription xml:lang="en">An example service that
        requires a human-readable identifier and optional name and e-mail
        address.</md:ServiceDescription>

      <!-- SAML 1.x form: Shibboleth 1.0 attribute namespace, urn:mace names -->
      <md:RequestedAttribute FriendlyName="eduPersonPrincipalName"
                             Name="urn:mace:dir:attribute-def:eduPersonPrincipalName"
                             NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
      <md:RequestedAttribute FriendlyName="mail"
                             Name="urn:mace:dir:attribute-def:mail"
                             NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
      <md:RequestedAttribute FriendlyName="displayName"
                             Name="urn:mace:dir:attribute-def:displayName"
                             NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>

      <!-- SAML 2.0 form: URI name format, OID-based names -->
      <md:RequestedAttribute FriendlyName="eduPersonPrincipalName"
                             Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
      <md:RequestedAttribute FriendlyName="mail"
                             Name="urn:oid:0.9.2342.19200300.100.1.3"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
      <md:RequestedAttribute FriendlyName="displayName"
                             Name="urn:oid:2.16.840.1.113730.3.1.241"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>

    </md:AttributeConsumingService>



Thank you for your help,
Tonu

-- 
Tonu Mikk
Disability Services, Office for Equity and Diversity
612 625-3307
tmikk at umn.edu