...

  1. Edit the SP's /etc/shibboleth/attribute-map.xml configuration file. Add the following new tag:
    <Attribute name="urn:oasis:names:tc:SAML:attribute:assurance-certification"
               id="assurance-certification"/>

    This corresponds to the <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"> tag in the IdP's "IAQs in metadata" configuration section above.
  2. Edit the SP's /etc/shibboleth/shibboleth2.xml configuration file. In the <ApplicationDefaults ...> tag, add the following attribute:
    metadataAttributePrefix="Meta-"
    
    You will now have an <ApplicationDefaults ...> tag that looks like the following:
    <ApplicationDefaults id="default" policyId="default"
                          entityID="https://example.org/shibboleth"
                          REMOTE_USER="persistent-id targeted-id eppn"
                          signing="false" encryption="false"
                          homeURL="https://example.org/"
                          metadataAttributePrefix="Meta-">
    
    With this setting, the SP software automatically populates the Apache server environment with the IdP's metadata <EntityAttributes>, exposed as new environment variables of the form HTTP_META_... The SP can then programmatically determine which assurance attributes are valid from the IdP.
  3. Restart the SP's shibd process.
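
An added example (not part of the original page or of the Shibboleth software) of how an application behind the SP could use the metadata-derived variable from step 2: it accepts a user's assurance value only if the IdP's metadata also lists it. The variable names HTTP_META_ASSURANCE_CERTIFICATION and HTTP_ASSURANCE and the sample URIs are assumptions; the ';' separator with '\;' escaping is the SP's default for multi-valued attributes.

```python
import re

# Assumed name: the page only gives the form HTTP_META_...; this follows
# from prefix "Meta-" plus the attribute id "assurance-certification".
IDP_CERTIFIED_VAR = "HTTP_META_ASSURANCE_CERTIFICATION"
# Hypothetical variable carrying the assurance value asserted for the user.
USER_ASSURANCE_VAR = "HTTP_ASSURANCE"


def split_shib_values(raw):
    """Split a Shibboleth multi-valued string on unescaped ';'.

    The SP joins values with ';' and escapes a literal ';' as '\\;'.
    """
    if not raw:
        return []
    parts = re.split(r"(?<!\\);", raw)
    return [p.replace("\\;", ";").strip() for p in parts if p.strip()]


def accepted_assurance(environ):
    """Return the user's assurance values that the IdP metadata also lists.

    Fails closed: if the metadata-derived variable is absent or empty,
    nothing is accepted, whatever the assertion claims.
    """
    certified = set(split_shib_values(environ.get(IDP_CERTIFIED_VAR, "")))
    asserted = split_shib_values(environ.get(USER_ASSURANCE_VAR, ""))
    return [v for v in asserted if v in certified]


def require_assurance(environ, needed):
    """True only if `needed` is both asserted and listed in metadata."""
    return needed in accepted_assurance(environ)


if __name__ == "__main__":
    # Constructed sample environment; the URIs are placeholders.
    env = {
        IDP_CERTIFIED_VAR: "https://example.org/assurance/silver;"
                           "https://example.org/assurance/bronze",
        USER_ASSURANCE_VAR: "https://example.org/assurance/silver;"
                            "https://example.org/assurance/gold",
    }
    print(accepted_assurance(env))
    print(require_assurance(env, "https://example.org/assurance/gold"))
```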

...