Date: Thu, 28 Mar 2024 12:23:36 +0000 (UTC) Message-ID: <1776429836.6311.1711628616332@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_6310_1866840195.1711628616331" ------=_Part_6310_1866840195.1711628616331 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Old versions of the Shib IdP (prior to v2.3.4) don't support&nbs=
p;entity attributes so we provide an XSLT script that extracts the entity IDs of the Res=
earch & Scholarship SPs from a metadata file so that they can be insert=
ed into a configuration file. Run the script (InCommonRandSPolicy.xsl
) at the=
command line as follows:
$ curl --silent http://md.incommon.org/InCommon/InCommon-metadata.x= ml \ | xsltproc InCommonRandSPolicy.xsl - \ | tidy -quiet -xml -indent -wrap 0
The output will include a listing of the entity IDs of all<= /strong> R&S SPs found in the metadata file, which can be plugged = into an IdP configuration file:
<afp:= AttributeFilterPolicy id=3D"releaseFullBundleToRandS"> <afp:PolicyRequirementRule xsi:type=3D"basic:OR"> <basic:Rule xsi:type=3D"basic:AttributeRequesterString" value=3D"htt= ps://carmenwiki.osu.edu/shibboleth" /> <basic:Rule xsi:type=3D"basic:AttributeRequesterString" value=3D"htt= ps://filesender.internet2.edu/shibboleth" /> <basic:Rule xsi:type=3D"basic:AttributeRequesterString" value=3D"htt= ps://wikispaces.psu.edu/shibboleth" /> <basic:Rule xsi:type=3D"basic:AttributeRequesterString" value=3D"htt= ps://www.indianactsi.org" /> <basic:Rule xsi:type=3D"basic:AttributeRequesterString" value=3D"htt= ps://cilogon.org/shibboleth" /> <basic:Rule xsi:type=3D"basic:AttributeRequesterString" value=3D"htt= ps://cgca.phys.uwm.edu/shibboleth-sp" /> <basic:Rule xsi:type=3D"basic:AttributeRequesterString" value=3D"htt= ps://panther.gpolab.bbn.com/shibboleth" /> <basic:Rule xsi:type=3D"basic:AttributeRequesterString" value=3D"htt= ps://ligo.org/ligovirgo/cbcnote/shibboleth-sp" /> <!-- etc. --> </afp:PolicyRequirementRule> <!-- attribute rules here --> </afp:AttributeFilterPolicy>
A similar technique can be used for any IdP that does not support entity= attributes.