...
Create a new bundle attribute
- Edit an existing bundle attribute
- Delete a bundle attribute
Create an Attribute Bundle
Attribute Release bundles can be created as a convenience feature for metadata creators. This allows an administrator to select from the list of custom attributes defined in the `application.yml` file.
To create an attribute bundle:
- Log into Shibboleth IdP UI as an Administrator.
- Select the Attribute bundle option from the Advanced menu in the upper right navigation.
- Click on the Add bundle button.
- Enter a values for the Bundle Name field, used only to identify the bundle to the user in the UI.
- Check the boxes for the attributes you want to add to the bundle. This is a list of available attributes defined in the system.
- Click the Save button.
Mouse over the list of bundled attributes will display the full list of attributes defined in the bundle, in case the list is too long to display in the bundle list table.
Once the attributes bundle has been created, a user can select these bundles when creating a new metadata source, dynamic registration, or entity attributes Filter. On the Attribute Release page, the bundles are displayed above the list of attributes. Clicking the Select Bundle button to the right of the bundle name will select the checkboxes below for the attributes in that bundle. This allows the user to select multiple attributes:
- Attributes Release screen for metadata source or dynamic registration.
- Attributes screen for entity attributes filter.
- Clicking the check button to the right of the bundle name will select the checkboxes below for the attributes in that bundle.
Groups
Groups can be defined by an administrator using the Groups page. Metadata sources, dynamic registrations, and users can belong to a group, and each user may have a role within the context of that group. When a user is created in the system, they are added by default to their own user group which is generated at the same time, unless a specific group is specified. When a metadata source or dynamic registration is created, that source or registration is added to the creator's group.
On the Groups Management screen, the Administrator can perform the following functions:
- Create a group
- Edit a group
- Delete a group - except the ADMIN-GROUP; this group is required by the system
Creating a group
To create a group:
- Log into Shibboleth IdP UI as an Administrator.
- Select the Groups option from the Advanced menu in the upper right navigation.
- Click the Add group role button.
- Enter values in the Group Name and Group Description fields.
NOTE: The URL validation regular expression and Approvers sections are optional.
- OPTIONAL: Enter a value in the URL validation regular expression field. The URL validation regex field is for administrators to define what entity IDs and assertion consumer service URLs can be targeted by members of that group.
NOTE: During the metadata source creation process, the Entity ID and any assertion consumer service endpoint URLs will be restricted to matching the URL validation regular expression defined for the members's group. For example, here is a failed validation on the Entity ID:
Once it has been corrected, the user can proceed with their metadata source definition:
Similarly, when defining Assertion Consumer Service Endpoints, the URL will be validated against the group's RegEx:
And once it is successful, the user can proceed with their metadata source definition
- OPTIONAL: Select an option from the Approvers menu.
NOTE: This provides an additional level of approval for metadata sources and dynamic registrations, granting the approver group(s) the authority to approve an un-enabled Metadata Source.
Metadata sources and dynamic registrations belonging to a group that has approval groups assigned to it cannot be enabled by a delegated enabler until it has been approved by a user from one of the approval groups.
- Click the Save button.
The Groups Management page is displayed, the new group has been added to the list, and a success message is displayed.