Versions Compared

Old Version 11

changes.mady.by.user trscavo@internet2.edu

Saved on

compared with

New Version 12

changes.mady.by.user trscavo@internet2.edu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Typically, the value of the Display Name field will appear on login and error pages at the IdP, and also on the consent page. If the element does not exist in metadata, applications are required to fall back on the <md:OrganizationDisplayName> element, which typically does not reflect the service but rather the organization that runs the service. Such an organization may in fact run multiple SP services so the organization name is a poor choice to use on a user interface.

...

Warning
titleYour Privacy Policy

The importance of a Privacy Policy can not be overstated. Users will be instructed to consult the SP's Privacy Policy, lack of which will cause some users to decline attribute release.

Logo URL

A user This element is optional but there are applications that can leverage this element in metadata so SP operators are encouraged to provide a link to a logo that meets the following requirements. For example, a consent interface may use a visual cue (i.e., a logo) instead of or in addition to the Display Name.

The actual size of the logo may vary. You will be asked to enter the actual width and height of the logo (in pixels). The application will select your logo (or not) based on the width and height entered into metadata.

Usable logos have the following characteristics:

  • the logo must be specified using an HTTPS URL
  • the logo should have a transparent background
  • the logo size should exhibit a 4:3 aspect ratio

The provided logo will be scaled to 80 pixels wide by 60 pixels high, so any logo with an approximate 4:3 aspect ratio should be fine.

  • have a landscape orientation (width > height)
  • the logo should have an aspect ratio between 4:3 and 16:9
  • the logo should have a minimum height of 80 pixels

Logos that meet the minimum height requirement can be scaled down by the application as neededThis element is optional but SP operators are encouraged to provide a link to a logo that meets the above requirements.

Requested Attributes

Requested attributes are presented to the user on the consent page. At runtime, the user is asked whether or not the requested attributes should be released to the SP, so care should be taken to request only those attributes actually needed by the service.

At least one attribute is required. From the drop-down menu labeled Attribute Name, simply choose the desired attribute(s). If that the chosen attribute is eduPersonAffiliation, eduPersonEntitlement, or eduPersonScopedAffiliation, an optional Attribute Values field will appear. Enter the requested attribute value(s) (or not, as the case may be) and then press . Repeat the input process for each requested attribute.

Once the Save button .Two is pressed, two <md:RequestedAttribute> elements will be inserted into metadata for every attribute chosen from the drop-down menu. One of those attributes is a SAML1 attribute while the other is a SAML2 attribute. The IdP will automatically choose one or the other depending on the runtime protocol.

Anchor
software
software

...

In addition to the <mdui:UIInfo> element, uApprove 2.2 consumes the <md:AttributeConsumingService> element (containing <md:RequestedAttribute> elements) in SP metadata. The requested attributes in metadata are displayed to the user on the consent page.