Question about ResourceFilter
Chad La Joie
lajoie at itumi.biz
Fri Sep 16 16:35:27 BST 2011
No, the resource filters should work on any text-based config file.
There are a couple quick things to try though.

First, it looks like you have a space after the '=' in the property,
try removing that. I *think* surrounding whitespace gets stripped but
I'm not 100% sure.

Second, try turning on trace for the filter package and see if it logs
the actual strings that are being compared.

On Fri, Sep 16, 2011 at 11:18, WULMS Alexander
<Alexander.WULMS at swift.com> wrote:
> Hi,
>
> I’m using Shibboleth IdP 2.3.3. I’m currently experimenting with the
> ResourceFilter tag in the services.xml in order to inject some environment
> specific info into the config files like the attribute-filter.xml.
>
> I have followed the instructions on
> https://wiki.shibboleth.net/confluence/display/SHIB2/IdPProdConfigFiles but
> it currently does not work as expected.
>
> Before I applied the resource filter, I had a rule in the
> attribute-filter.xml that looked like:
>
> <afp:AttributeFilterPolicy id="myServiceProvider">
>   <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
>       value="https://service-provider.domain.com" />
>   <afp:AttributeRule attributeID="mySpSpecificAttribute">
>     <afp:PermitValueRule xsi:type="basic:ANY" />
>   </afp:AttributeRule>
> </afp:AttributeFilterPolicy>
>
> With this setup, the attribute mySpSpecificAttribute gets released into the
> SAML response for the service provider with entity-id
> https://service-provider.domain.com.
>
> With that working I have made some changes:
>
> 1) I have enabled a resourcefilter on the attribute-filter.xml in the
> services.xml file:
>
> <srv:Service id="shibboleth.AttributeFilterEngine"
>     xsi:type="attribute-afp:ShibbolethAttributeFilteringEngine">
>   <srv:ConfigurationResource
>       file="C:\No_Backup\Apps\shibboleth\SWIFTConf/attribute-filter.xml"
>       xsi:type="resource:FilesystemResource">
>     <resource:ResourceFilter xsi:type="PropertyReplacement"
>         xmlns="urn:mace:shibboleth:2.0:resource"
>         propertyFile="C:\No_Backup\Apps\shibboleth\SWIFTConf\config.properties"/>
>   </srv:ConfigurationResource>
> </srv:Service>
>
> 2) I have updated the attribute-filter.xml file to use a property instead of
> hardcoding the entity ID of the service provider:
>
> <afp:AttributeFilterPolicy id="myServiceProvider">
>   <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
>       value="${serviceprovider.entityId}" />
>   <afp:AttributeRule attributeID="mySpSpecificAttribute">
>     <afp:PermitValueRule xsi:type="basic:ANY" />
>   </afp:AttributeRule>
> </afp:AttributeFilterPolicy>
>
> 3) I have made a config.properties file with the following contents:
>
> serviceprovider.entityId = https://service-provider.domain.com
>
> However, with this configuration, the attribute mySpSpecificAttribute no
> longer gets released into the SAML response.
>
> Is the usage of the resource filter only applicable to a subset of the
> config files or only to a subset of the tags or a subset of the properties?
>
> Any help or pointers to more detailed documentation are welcome.
>
> Alex Wulms
> Lead Developer, Swift.com development
> Tel: + 32 2 655 3931
>
> S.W.I.F.T. SCRL
--
Chad La Joie
www.itumi.biz
trusted identities, delivered
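
A preflight check for the whitespace question raised in this thread, as an added example that is not part of the original messages and is not Shibboleth code. It assumes the PropertyReplacement filter reads its property file with `java.util.Properties` semantics; the class `PropertyFilterPreflight`, its `render` helper, and the sample inputs are hypothetical and constructed for illustration. `java.util.Properties` skips whitespace around the `=` separator but keeps trailing whitespace in the value, which an exact-match rule such as `basic:AttributeRequesterString` would then fail to match.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PropertyFilterPreflight {
    private static final Pattern MACRO = Pattern.compile("\\$\\{([^}]+)\\}");

    // Hypothetical helper: substitute ${name} from props and record anything that breaks an exact match.
    static String render(String template, Properties props, List<String> findings) {
        Matcher m = MACRO.matcher(template);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String key = m.group(1);
            String value = props.getProperty(key);
            if (value == null) {
                findings.add("unresolved: " + key);
                value = m.group(0); // leave the macro in place so it is visible in the output
            } else if (!value.equals(value.trim())) {
                findings.add("whitespace in value of " + key + ": [" + value + "]");
            }
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples: the thread's property line, a trailing-space variant, a key-case typo.
        String[] propertyFiles = {
            "serviceprovider.entityId = https://service-provider.domain.com\n",
            "serviceprovider.entityId = https://service-provider.domain.com \n",
            "serviceprovider.entityid = https://service-provider.domain.com\n" };
        String template = "<afp:PolicyRequirementRule xsi:type=\"basic:AttributeRequesterString\""
                + " value=\"${serviceprovider.entityId}\" />";
        for (String text : propertyFiles) {
            Properties props = new Properties();
            props.load(new StringReader(text)); // same parser as a .properties file on disk
            List<String> findings = new ArrayList<>();
            String rendered = render(template, props, findings);
            System.out.println(rendered);
            System.out.println(findings.isEmpty() ? "  OK" : "  " + findings);
        }
    }
}
```

Only the first sample renders cleanly; the second reports whitespace in the value and the third leaves the macro unresolved, and in both cases the rendered policy no longer matches the service provider's entity ID.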