...
https://spaces.at.internet2.edu/pages/viewpage.action?pageId=115180856 (temporarily restricted, awaiting dev fix on 9/13/17)
Config Contributions
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
Change in general-authn.xml: -- Add new 2fa supported principal to both authn/Duo, and authn/MFA -- <bean parent="shibboleth.SAML2AuthnContextClassRef" c:classRef="https://refeds.org/profile/mfa" /> ...and then just add a release rule to attribute-filter.xml: <afp:AttributeFilterPolicy id="Incommon_Certmanager"> <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://cert-manager.com/shibboleth" /> <afp:AttributeRule attributeID="email"> <afp:PermitValueRule xsi:type="basic:ANY" /> </afp:AttributeRule> <afp:AttributeRule attributeID="givenName"> <afp:PermitValueRule xsi:type="basic:ANY" /> </afp:AttributeRule> <afp:AttributeRule attributeID="surname"> <afp:PermitValueRule xsi:type="basic:ANY" /> </afp:AttributeRule> <afp:AttributeRule attributeID="eduPersonPrincipalName"> <afp:PermitValueRule xsi:type="basic:ANY" /> </afp:AttributeRule> </afp:AttributeFilterPolicy> |
...