New attribute filter help

Chad La Joie lajoie at itumi.biz
Fri Sep 30 16:59:36 BST 2011 

Hey Andi,

Most of the shib folks are getting ready, and travelling to, our
face-to-face meeting.  I'd encourage you to send this question to the
UK federation helpdesk[1].  They should be able to walk your through
this and discuss how such attributes fit within the policies and
practices within the UK.

[1] http://www.ukfederation.org.uk/content/Documents/UKFederationHelpdesk

On Fri, Sep 30, 2011 at 11:53, Morris, Andi <amorris at uwic.ac.uk> wrote:
> Hi all,
>
> I’ve just been asked to release some new attributes for a service that our
> library uses.  The information is in the text below.
>
> For Shibboleth users, we are expecting to receive the following attributes:
>      > An attribute with a name that matches the regular expression
> (ignoring case)
> ".*OASCOPED.URN.MACE.DIR_ATTRIBUTE.DEF.EDUPERSONTARGETEDID.*". The value
> should be some sort if ID representing the logged in user followed by
> =@"idpdomain"
>
> So an example would be
> [OA.OASCOPED.URN.MACE.DIR.ATTRIBUTE.DEF.EDUPERSONTARGETEDID] =>
> wduOx72J9wJAQz7sEZowoBLKpio=@typekey.sdss.ac.uk
>
>
>
>   > An attribute with a name that matches the regular
> expression".*IDP.ENTITY.*". The value should be the EntityID of the Identity
> provider.
> An example would be [OA_IDP_ENTITY] => https://typekey.sdss.ac.uk/shibboleth
>
>
>
>
>
> Now, we already release the EDUPERSONTARGETEDID, but not with that
> expression.  Ours is:
>
>     <resolver:AttributeDefinition xsi:type="ad:SAML2NameID"
> id="eduPersonTargetedID"
>
>                                   nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
> sourceAttributeID="computedID">
>
>         <resolver:Dependency ref="computedID" />
>
>         <resolver:AttributeEncoder xsi:type="enc:SAML1XMLObject"
> name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" />
>
>         <resolver:AttributeEncoder xsi:type="enc:SAML2XMLObject"
> name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID"
> />
>
>     </resolver:AttributeDefinition>
>
>
>
> Will that work?
>
>
>
> Also, is there a way I can release the EntityID as an attribute?
>
>
>
> I’m quite new to all this, and have read the attribute section of the
> documentation, but it’s not quite all sunk in yet.  Any help would be
> appreciated.
>
>
>
> Cheers,
>
> Andi
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>



-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered

More information about the users mailing list