Broken GSuite Auth in Prep for IdPV4
Kevin Ratcliffe
kratcliffe at bolton-sfc.ac.uk
Sun Aug 16 18:48:09 UTC 2020
Hi
I had a working Google Gsuite configuration before I started removing all the deprecated namespaces and such from my IdP. Could someone help get a v4-compatible Gsuite configuration, please?
On the shib docs site there are some instructions which kind of work but aren't appropriate because we have different domains as email addresses and we only have one Google domain.
See below for (what I think are) the relevant parts of my old working configuration.
Thanks in advance for any help.
attribute-filter.xml
=====================
<!-- Google Apps -->
<AttributeFilterPolicy id="allowPrincipalToGoogle">
    <PolicyRequirementRule xsi:type="Requester" value="google.com" />
    <AttributeRule attributeID="principal">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
</AttributeFilterPolicy>
attribute-resolver.xml
=======================
<!-- principal for Google Apps for Education -->
<resolver:AttributeDefinition id="principal" xsi:type="PrincipalName" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
    <resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
        nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
</resolver:AttributeDefinition>
saml-nameid.xml
===============
<!-- SAML 2 NameID Generation -->
<util:list id="shibboleth.SAML2NameIDGenerators">
    <ref bean="shibboleth.SAML2TransientGenerator" />
    <!-- Uncommenting this bean requires configuration in saml-nameid.properties. -->
    <!--
    <ref bean="shibboleth.SAML2PersistentGenerator" />
    -->
    <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
        p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
        p:attributeSourceIds="#{ {'principal'} }" />
Kevin Ratcliffe
Network & IT Systems Support
The Sixth Form Bolton
T: 01204 846215
E: kratcliffe at bolton-sfc.ac.uk
W: www.bolton-sfc.ac.uk