Child pages
  • Filtering Metadata for Entity Attributes



The Incommon Federation wiki has moved.

Please visit the new InCommon Federation Library wiki for updated content. Remember to update your bookmarks.

Click in the link above if you are not automatically redirected in 15 seconds.



Skip to end of metadata
Go to start of metadata

Old versions of the Shib IdP (prior to v2.3.4) don't support entity attributes so we provide an XSLT script that extracts the entity IDs of the Research & Scholarship SPs from a metadata file so that they can be inserted into a configuration file. Run the script (InCommonRandSPolicy.xsl) at the command line as follows:

$ curl --silent http://md.incommon.org/InCommon/InCommon-metadata.xml \
    | xsltproc InCommonRandSPolicy.xsl - \
    | tidy -quiet -xml -indent -wrap 0

The output will include a listing of the entity IDs of all R&S SPs found in the metadata file, which can be plugged into an IdP configuration file:

<afp:AttributeFilterPolicy id="releaseFullBundleToRandS">

  <afp:PolicyRequirementRule xsi:type="basic:OR">
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://carmenwiki.osu.edu/shibboleth" />
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://filesender.internet2.edu/shibboleth" />
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://wikispaces.psu.edu/shibboleth" />
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://www.indianactsi.org" />
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://cilogon.org/shibboleth" />
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://cgca.phys.uwm.edu/shibboleth-sp" />
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://panther.gpolab.bbn.com/shibboleth" />
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://ligo.org/ligovirgo/cbcnote/shibboleth-sp" />
    <!-- etc. -->
  </afp:PolicyRequirementRule>

  <!-- attribute rules here -->

</afp:AttributeFilterPolicy>

A similar technique can be used for any IdP that does not support entity attributes.

  • No labels