Page tree
Skip to end of metadata
Go to start of metadata

Software Requirements

To release attributes to all current and future R&S SPs with a one-time configuration, an IdP should define release using entity attributes instead of entity IDs. The entity attribute based attribute release configuration described on this page requires Shibboleth IdP V3 or newer.

Configure IdP to Release R&S Attributes

The following example illustrates how to configure a Shibboleth IdP to release the R&S Attribute Bundle to all eduGAIN R&S SPs:

A Shib IdP config that releases the R&S bundle to ALL R&S SPs
<!-- for Shibboleth IdP V3.2.0 or later -->
 
<AttributeFilterPolicy id="releaseRandSAttributeBundle">
 
  <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>

  <!-- a fixed subset of the Research & Scholarship Attribute Bundle -->
 
  <!-- release of ePPN is REQUIRED -->
  <AttributeRule attributeID="eduPersonPrincipalName">
    <PermitValueRule xsi:type="ANY"/>
  </AttributeRule>

  <!-- if your deployment of ePPN is non-reassigned, release of ePTID is OPTIONAL -->
  <AttributeRule attributeID="eduPersonTargetedID">
    <PermitValueRule xsi:type="ANY"/>
  </AttributeRule>

  <!-- release of email is REQUIRED -->
  <AttributeRule attributeID="email">
    <PermitValueRule xsi:type="ANY"/>
  </AttributeRule>

  <!-- either displayName or (givenName and sn) is REQUIRED but all three are RECOMMENDED -->
  <AttributeRule attributeID="displayName">
    <PermitValueRule xsi:type="ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="givenName">
    <PermitValueRule xsi:type="ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="surname">
    <PermitValueRule xsi:type="ANY"/>
  </AttributeRule>

  <!-- release of ePSA is OPTIONAL -->
  <AttributeRule attributeID="eduPersonScopedAffiliation">
    <PermitValueRule xsi:type="ANY"/>
  </AttributeRule>

</AttributeFilterPolicy>

Validate your configuration

Once you've configured your IdP, you can test your configuration using this test page, a service provided by the GENI Experimenter Portal, an official R&S SP.

Cleaning up - remove obsolete attribute release rules 

Once you've configured your IdP to release attributes to R&S SPs as described below, you should optimize your IdP configuration files by removing all references to the entity IDs of individual R&S SPs. (That is, in fact, the whole point of using entity attributes to configure attribute release policy.) In particular, if your IdP already releases attributes to CILogon (or any other R&S SP), you should convert your CILogon configuration to R&S.

Declare your support for R&S

Don't forget to let others know you now support R&S. Declare your support for R&S via Federation Manager.