Help with InCommon and National Student Clearing House

Melvin Lasky melvin.lasky at manhattan.edu
Wed Sep 28 16:05:40 UTC 2022


Hey everyone,
I’m having an issue with the National Student Clearing House. They wanted 4 specific attributes, named in a specific way. I have done that, but not only does it send the four they want, it also sends the InCommon attributes. I guess it matches both.

How can I exclude the sending of the InCommon attributes while enabling the specific four for the Clearing House people?

I hope this makes sense.

    <!-- Attribute release for NSC; the Requester value is a placeholder -->
    <AttributeFilterPolicy id="releaseForNSC">
        <PolicyRequirementRule xsi:type="Requester" value="ValueProvidedByNSC" />
        <AttributeRule attributeID="SchoolAssignedPersonID" permitAny="true" />
        <AttributeRule attributeID="EmailAddress" permitAny="true" />
        <AttributeRule attributeID="GivenName" permitAny="true" />
        <AttributeRule attributeID="LastName" permitAny="true" />
    </AttributeFilterPolicy>


And I have this after (I use the InCommon Shib Docker Container):

    <!-- Attribute release for all InCommon SPs -->
    <AttributeFilterPolicy id="releaseToInCommon">
        <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
            attributeName="http://macedir.org/entity-category"
            attributeValue="http://id.incommon.org/category/registered-by-incommon"/>
        <AttributeRule attributeID="eduPersonPrincipalName">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="eduPersonScopedAffiliation">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="givenName">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="surname">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="displayName">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="mail">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
    </AttributeFilterPolicy>


shib-idp;idp-process.log;dev;nothing; - [IPADDRESS]2022-09-22 13:32:18,401 - INFO [Shibboleth-Audit.SSO:283] - 2022-09-22T13:32:18.401715Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST| random_characters | ValueProvidedByNSC |http://shibboleth.net/ns/profiles/saml2/sso/browser|https://ouridp.domain.ed/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST| random_characters |myudernamer|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonScopedAffiliation,mail,surname,displayName,givenName,GivenName,eduPersonPrincipalName,LastName,EmailAddress,SchoolAssignedPersonID|random_characters| random_characters |

So not exactly sure what to do.

They have not been very responsive to say the least. This is the first time I’m having an issue with an InCommon provider. Usually it’s 1-2-3.

Mel

Melvin Lasky
Associate Director of Enterprise Architecture
Riverdale, NY 10471
Phone: 718-862-7410
melvin.lasky at manhattan.edu
www.manhattan.edu
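
Added example (not part of the original message, and not Shibboleth project code): a Python check that parses a Shibboleth-Audit.SSO line like the one quoted above and reports attributes released to a relying party beyond an allowlist. The field positions are taken from that quoted line, and the `EXPECTED` allowlist and function names are assumptions; an IdP with a customized audit format needs different indexes.

```python
"""Flag attribute over-release from Shibboleth IdP audit log lines (added example)."""

AUDIT_MARKER = "[Shibboleth-Audit.SSO"
# Pipe-delimited positions as seen in the audit line quoted in the message;
# a customized audit format needs different indexes (assumption).
RP_FIELD, USER_FIELD, ATTR_FIELD = 3, 8, 10

# Hypothetical allowlist: relying party -> attribute IDs it should receive.
EXPECTED = {
    "ValueProvidedByNSC": {"SchoolAssignedPersonID", "EmailAddress",
                           "GivenName", "LastName"},
}

# The audit line from the message, placeholders included.
SAMPLE = (
    "shib-idp;idp-process.log;dev;nothing; - [IPADDRESS]2022-09-22 13:32:18,401"
    " - INFO [Shibboleth-Audit.SSO:283] - 2022-09-22T13:32:18.401715Z"
    "|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST| random_characters "
    "| ValueProvidedByNSC |http://shibboleth.net/ns/profiles/saml2/sso/browser"
    "|https://ouridp.domain.ed/idp/shibboleth"
    "|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST| random_characters "
    "|myudernamer|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    "|eduPersonScopedAffiliation,mail,surname,displayName,givenName,GivenName,"
    "eduPersonPrincipalName,LastName,EmailAddress,SchoolAssignedPersonID"
    "|random_characters| random_characters |"
)

def parse_audit_line(line):
    """Return (relying_party, user, released_attribute_set), or None if not an SSO audit line."""
    if AUDIT_MARKER not in line:
        return None
    # Drop the logger prefix: everything up to the "] - " that closes the marker.
    parts = line.split(AUDIT_MARKER, 1)[1].split("] - ", 1)
    if len(parts) != 2:
        return None
    fields = [f.strip() for f in parts[1].split("|")]
    if len(fields) <= ATTR_FIELD:
        return None
    released = {a for a in fields[ATTR_FIELD].split(",") if a}
    return fields[RP_FIELD], fields[USER_FIELD], released

def check_release(line, expected=EXPECTED):
    """Compare released attributes with the allowlist; None if the line or relying party is not covered."""
    parsed = parse_audit_line(line)
    if parsed is None or parsed[0] not in expected:
        return None
    rp, _user, released = parsed
    allowed = expected[rp]
    return {"relying_party": rp,
            "unexpected": sorted(released - allowed),
            "missing": sorted(allowed - released)}

if __name__ == "__main__":
    print(check_release(SAMPLE))
```

Attribute IDs are compared case-sensitively, so `givenName` from the InCommon policy is reported separately from the `GivenName` the NSC policy releases.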

