IdP Attribute Based on SP Entity ID
Christopher Bongaarts
cab at umn.edu
Fri Feb 1 13:00:11 EST 2013

On 1/31/2013 10:01 PM, Jason wrote:
> I'm running a Shibboleth IdP, and I need to integrate with a couple
> different service providers that each want a custom attribute (the
> attribute is called "Application").
>
> Each service provider has a different entity ID. I'm looking for a
> way to set a value for the "Application" custom attribute based on the
> SP's entity ID.
>
> For example, if the requester's entity ID is
> https://service.example.edu/sp, I want the "Application" attribute to
> have a value of 2. If the requester's entity ID is
> https://otherservice.example.edu/sp, I'd like the "Application"
> attribute to have a value of 3.
>
> What's the best way to accomplish this? Should I use a scripted attribute?

You could, or what Scott suggested. Another possibility is to set up a
Static DataConnector that creates two attributes, one named
"application-service" with value "2" and one named
"application-otherservice" with value "3". Then define two attributes
(using AttributeDefinition) using the same names, but attach an
AttributeEncoder to each one encoding it with the SAML attribute name
"Application". Finally, use an AttributeFilter for each SP that
selectively releases the correct attribute for each SP (service gets
application-service only, otherservice gets application-otherservice only).

It might be more comprehensible/scalable, though, to go with a small
Script (or Template) attribute instead...
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
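
The static-connector approach described in the reply above, written out as an added example (not part of the original message and not the Shibboleth project's own configuration). It assumes the IdP 2.x attribute-resolver.xml and attribute-filter.xml syntax with the namespace prefixes declared in the stock files; the connector id and policy ids are hypothetical.

```xml
<!-- attribute-resolver.xml fragment: one Static connector producing both values -->
<resolver:DataConnector id="staticApplication" xsi:type="dc:Static">
    <dc:Attribute id="application-service">
        <dc:Value>2</dc:Value>
    </dc:Attribute>
    <dc:Attribute id="application-otherservice">
        <dc:Value>3</dc:Value>
    </dc:Attribute>
</resolver:DataConnector>

<!-- Two internal attribute IDs, both encoded on the wire as "Application" -->
<resolver:AttributeDefinition id="application-service" xsi:type="ad:Simple"
                              sourceAttributeID="application-service">
    <resolver:Dependency ref="staticApplication" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="Application" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition id="application-otherservice" xsi:type="ad:Simple"
                              sourceAttributeID="application-otherservice">
    <resolver:Dependency ref="staticApplication" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="Application" />
</resolver:AttributeDefinition>

<!-- attribute-filter.xml fragment: each policy matches one SP entity ID and
     permits only that SP's attribute; the other attribute has no permit rule
     for this requester, so it is not released to it -->
<afp:AttributeFilterPolicy id="applicationForService">
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
                               value="https://service.example.edu/sp" />
    <afp:AttributeRule attributeID="application-service">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>

<afp:AttributeFilterPolicy id="applicationForOtherService">
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
                               value="https://otherservice.example.edu/sp" />
    <afp:AttributeRule attributeID="application-otherservice">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>
```

If a broader policy elsewhere in attribute-filter.xml permits both attribute IDs to the same SP, that SP would receive two "Application" values, so check existing policies for overlap.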