...
https://spaces.at.internet2.edu/pages/viewpage.action?pageId=115180856
Config Contributions
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
Change in general-authn.xml--
Add new 2fa supported principal to both authn/Duo, and authn/MFA:
<bean parent="shibboleth.SAML2AuthnContextClassRef" c:classRef="https://refeds.org/profile/mfa" />
...and then just add a release rule.
<afp:AttributeFilterPolicy id="Incommon_Certmanager">
<afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://cert-manager.com/shibboleth" />
<afp:AttributeRule attributeID="email">
<afp:PermitValueRule xsi:type="basic:ANY" />
</afp:AttributeRule>
<afp:AttributeRule attributeID="givenName">
<afp:PermitValueRule xsi:type="basic:ANY" />
</afp:AttributeRule>
<afp:AttributeRule attributeID="surname">
<afp:PermitValueRule xsi:type="basic:ANY" />
</afp:AttributeRule>
<afp:AttributeRule attributeID="eduPersonPrincipalName">
<afp:PermitValueRule xsi:type="basic:ANY" />
</afp:AttributeRule>
</afp:AttributeFilterPolicy> |