Release attributes

Jerry Bailie jebailie at vassar.edu
Wed Jun 10 10:48:39 UTC 2020 

David,

Thanks !

After adding the eduPersonPrincipleName example from here;
https://wiki.shibboleth.net/confluence/display/IDP4/AttributeResolverConfiguration
... and the attribute-filter.xml example you provided, the release of
attributes afforded a successful login to educause.

Thanks again!
- Jerry


On Tue, Jun 9, 2020 at 11:58 PM IAM David Bantz <dabantz at alaska.edu> wrote:

> attributes presumably defined in your attribute-resolver.xml for example:
>
> eduPersonPrincipalName   urn:oid:1.3.6.1.4.1.5923.1.1.1.6
>
> mail  urn:oid:0.9.2342.19200300.100.1.3
>
> sample attribute release policy in attribute-filter.xml
>
> <AttributeFilterPolicy id="releaseToEDUCAUSE">
>     <PolicyRequirementRule xsi:type="OR">
>         <Rule xsi:type="Requester" value="
> https://www.educause.edu/shibboleth-sp" />
>         <Rule xsi:type="Requester" value="https://sso.educause.edu/sp" />
>     </PolicyRequirementRule>
>     <AttributeRule attributeID="eduPersonPrincipalName">
>         <PermitValueRule xsi:type="ANY" />
>     </AttributeRule>
>     <AttributeRule attributeID="surname">
>         <PermitValueRule xsi:type="ANY" />
>     </AttributeRule>
>     <AttributeRule attributeID="givenName">
>         <PermitValueRule xsi:type="ANY" />
>     </AttributeRule>
>     <AttributeRule attributeID="mail">
>         <PermitValueRule xsi:type="ANY" />
>     </AttributeRule>
>     <AttributeRule attributeID="eduPersonScopedAffiliation">
>         <PermitValueRule xsi:type="ANY" />
>     </AttributeRule>
> </AttributeFilterPolicy>
>
> On Tue, Jun 9, 2020 at 7:05 PM Jerry Bailie <jebailie at vassar.edu> wrote:
>
>> Ok, thanks !
>>
>> This would be done in the attribute-filter.xml file ?
>>
>> If so, there's several examples in there that may be a bit complicated.
>> Could you provide an example of the release of those 2 attributes?
>>
>> - Jerry
>>
>> On Tue, Jun 9, 2020 at 10:18 PM Cantor, Scott <cantor.2 at osu.edu> wrote:
>>
>>> >    I see these values in the eduPerson.xml and inetOrgPerson.xml files
>>> but how do they get "released" ?
>>>
>>> Same as always (or I guess not if you're new to Shibboleth), attribute
>>> filtering.
>>>
>>> -- Scott
>>>
>>>
>>> --
>>> For Consortium Member technical support, see
>>> https://wiki.shibboleth.net/confluence/x/coFAAg
>>> To unsubscribe from this list send an email to
>>> users-unsubscribe at shibboleth.net
>>>
>> --
>> For Consortium Member technical support, see
>> https://wiki.shibboleth.net/confluence/x/coFAAg
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200610/93f59589/attachment.htm>

More information about the users mailing list