Adding an entity attribute to every entity from a provider

Ian Young ian at iay.org.uk
Wed Apr 17 09:26:03 EDT 2019


> On 16 Apr 2019, at 22:46, Wessel, Keith <kwessel at illinois.edu> wrote:
> 
> I want to add an entity attribute to every entity from the InCommon MDQ preview to know that it came from InCommon or eduGAIN.


You should find that every entity you access via the MDQ preview already includes a couple of different metadata elements that are relevant:

    <Extensions>
      <mdrpi:RegistrationInfo xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" registrationAuthority="https://incommon.org"/>
      <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
        <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
          <saml:AttributeValue>http://id.incommon.org/category/registered-by-incommon</saml:AttributeValue>
        </saml:Attribute>
      </mdattr:EntityAttributes>
    </Extensions>

The first is the EntityDescriptor/Extensions/RegistrationInfo/@registrationAuthority. Anything "from" (i.e., registered by) InCommon will have one registrationAuthority value, and anything "from" eduGAIN would have some other value, but the specific value will differ depending on which original registrar was involved.

The other thing you can see in the above example is that there's already an entity attribute which specifically indicates that an entity was registered by InCommon, which sounds like exactly what you want. To a first approximation, certainly right now, if that's missing then the metadata is "from" eduGAIN.

    -- Ian
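
The two markers described in the message above can be checked together. This is an added example, not part of the original post and not Shibboleth code: the function names, the `origin` labels, the "inconsistent"/"unknown" outcomes and the sample entities are assumptions made for illustration, and the metadata is assumed to have passed signature verification already.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
INCOMMON_RA = "https://incommon.org"  # value shown in the message above
CATEGORY_ATTR = "http://macedir.org/entity-category"
INCOMMON_TAG = "http://id.incommon.org/category/registered-by-incommon"

def classify(entity_xml):
    """Return (entityID, registrationAuthority, origin) for one EntityDescriptor."""
    ed = ET.fromstring(entity_xml)
    ext = ed.find("md:Extensions", NS)
    ra, tagged = None, False
    if ext is not None:
        info = ext.find("mdrpi:RegistrationInfo", NS)
        if info is not None:
            ra = info.get("registrationAuthority")
        for attr in ext.iterfind("mdattr:EntityAttributes/saml:Attribute", NS):
            if attr.get("Name") != CATEGORY_ATTR:
                continue
            values = [(v.text or "").strip()
                      for v in attr.iterfind("saml:AttributeValue", NS)]
            tagged = tagged or INCOMMON_TAG in values
    if ra is None:
        origin = "unknown"        # no RegistrationInfo at all (assumed label)
    elif tagged and ra == INCOMMON_RA:
        origin = "incommon"
    elif not tagged and ra != INCOMMON_RA:
        origin = "edugain"        # first approximation, as in the message
    else:
        origin = "inconsistent"   # the two markers disagree (assumed label)
    return ed.get("entityID"), ra, origin

def sample_entity(entity_id, ra, tag):
    """Build a constructed EntityDescriptor for demonstration only."""
    cat = (f'<mdattr:EntityAttributes><saml:Attribute Name="{CATEGORY_ATTR}">'
           f'<saml:AttributeValue>{INCOMMON_TAG}</saml:AttributeValue>'
           '</saml:Attribute></mdattr:EntityAttributes>') if tag else ""
    return (f'<EntityDescriptor xmlns="{NS["md"]}" xmlns:mdrpi="{NS["mdrpi"]}" '
            f'xmlns:mdattr="{NS["mdattr"]}" xmlns:saml="{NS["saml"]}" '
            f'entityID="{entity_id}"><Extensions><mdrpi:RegistrationInfo '
            f'registrationAuthority="{ra}"/>{cat}</Extensions></EntityDescriptor>')

if __name__ == "__main__":
    for args in [("https://idp.example.edu/idp", INCOMMON_RA, True),
                 ("https://sp.example.org/sp", "https://registrar.example.org", False)]:
        print(classify(sample_entity(*args)))
```
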



