Need help setting up Shibboleth 4.1 for MFA support for REFEDS/NIH
Murphy, Patrick
murphyp1 at msu.edu
Wed Jul 28 18:51:50 UTC 2021
We are installing a new Shibboleth 4.1.2 IdP. We have it working with some of our existing sites that were migrated from V2. I need to figure out how to set up the MFA component to convert the MFA attributes supplied by our Okta SSO solution into the required ones for REFEDS/NIH. I am new to Shibboleth and the whole Spring beans configuration mechanism, so any pointers would be appreciated.
Here are the attribute values returned from Okta:
<saml2:AuthnStatement AuthnInstant="2021-07-27T18:56:30.122Z"
SessionIndex="_685bb706e2a3ecaa1d6ce10af4f826ef"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:Attribute Name="authenticationContext"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
>
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>swk</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>mfa</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>pwd</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
I need to convert the attribute value to:
<saml2:AuthnStatement AuthnInstant="2021-07-27T18:56:30.122Z"
SessionIndex="_685bb706e2a3ecaa1d6ce10af4f826ef"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>https://refeds.org/profile/mfa</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
Thanks for any help you can provide.
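
The mapping asked about above, written out as standalone Python. This is an added example, not part of the original message and not Shibboleth configuration; the function names are hypothetical. It assumes the assertion's signature has already been verified and that the `mfa` value in Okta's `authenticationContext` attribute is the signal that a second factor was used.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
REFEDS_MFA = "https://refeds.org/profile/mfa"
OKTA_ATTR = "authenticationContext"  # attribute name shown in the post
MFA_VALUE = "mfa"                    # assumption: this value means MFA was performed

# Constructed sample modelled on the fragments in the post, wrapped in one
# root element so it parses as a single document.
SAMPLE = """\
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:AuthnStatement AuthnInstant="2021-07-27T18:56:30.122Z">
    <saml2:AuthnContext>
      <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
    </saml2:AuthnContext>
  </saml2:AuthnStatement>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="authenticationContext">
      <saml2:AttributeValue>swk</saml2:AttributeValue>
      <saml2:AttributeValue>mfa</saml2:AttributeValue>
      <saml2:AttributeValue>pwd</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""


def upstream_methods(root):
    """Collect the Okta attribute's values; the attribute name must match exactly."""
    return {
        (value.text or "").strip()
        for attr in root.iterfind(".//saml2:Attribute", NS)
        if attr.get("Name") == OKTA_ATTR
        for value in attr.iterfind("saml2:AttributeValue", NS)
    }


def outbound_class_ref(assertion_xml):
    """Return the AuthnContextClassRef to assert downstream.

    REFEDS MFA is asserted only when the upstream attribute carries the exact
    value "mfa"; otherwise the upstream class ref is passed through unchanged,
    so a password-only login is never upgraded.
    """
    root = ET.fromstring(assertion_xml)
    ref = root.find(".//saml2:AuthnContext/saml2:AuthnContextClassRef", NS)
    upstream = (ref.text or "").strip() if ref is not None else None
    if MFA_VALUE in upstream_methods(root):
        return REFEDS_MFA
    return upstream
```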