Using Metadata in my App
Andy Bennett
andyjpb at knodium.com
Mon Mar 25 19:13:03 EDT 2013
Hi,
I'm running a Shibboleth 2.4.3 SP which is joined into a federation and
authenticates users to my service via the FastCGI interface. It all
works well and I've configured things such that my App is delivered the
attributes that it wants when a user logs in. When the first user logs
in from a particular IdP the App creates an entry for the user as usual
and also an entry for the IdP, currently keyed off of the
Shib-Identity-Provider variable.
My aim now is to make my App UI a little more aware of the users'
organisations via the IdP metadata.
I have read these:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeExtractor
https://wiki.shibboleth.net/confluence/display/SHIB2/Metadata
https://wiki.shibboleth.net/confluence/display/SHIB2/MetadataForSP
...and have not felt too enlightened about how to achieve this so I'm
writing here for some pointers about the approach I should be taking and
where to find appropriate documentation.
I have my Federation supplied metadata in an XML file in
/var/run/shibboleth/ When I look in this XML file I see data that I'd
like to take advantage off. Specifically, the data in <Organization>
such as <OrganizationName>.
>From reading NativeSPAttributeExtractor it seems possible that I could
cook up some kind of extractor for these data and then when the users
log in, and only when the users log in, I'd be able to get hold of that
data. If it changes in the mean time I'd be out of luck. I'd also only
be able to populate my app with information about IdPs from which users
have actually ever logged in.
>From reading Metadata and MetadataForSP it's unclear as to whether the
Shibboleth software gives me an explicit, non-login-time, interface to
this metadata or whether I have to find and ingest the file myself.
What I'd really like to do is to prepopulate the IdP data in my app so
that I have an App object for hanging other data off of such as "This
IdP and these eMail domains identify users as belonging to this
institution", "this is the name/logo/description of this institution"
(for cases where it's not supplied by the IdP) and "these are App
objects for users of this institution". i.e. data that I obtain through
other sources.
Can anyone offer advice about (a) the approved way of getting this data
(b) the easiest way of getting this data or (c) the best way of getting
this data?
Many thanks for your time.
Regards,
@ndy
--
andyjpb at knodium.com
http://www.knodium.com/
More information about the users
mailing list