Versions Compared

Old Version 49

changes.mady.by.user trscavo@internet2.edu

Saved on

compared with

New Version 50

changes.mady.by.user trscavo@internet2.edu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This topic is for existing Research & Scholarship (R&S) IdP operators. All R&S SPs in the InCommon Federation now meet the requirements of the REFEDS Research & Scholarship Entity Category specification and therefore every all R&S SP SPs in the InCommon Federation has have a multivalued R&S entity attribute in metadata. More importantly, InCommon will soon begin importing the metadata of R&S SPs from other federations, so now is the time for R&S IdP operators to begin thinking about their migration strategy to global R&S.

...

To support R&S globally, an R&S IdP should instead be configured with a policy rule that releases the R&S Attribute Bundle to all R&S SPs, including R&S SPs in other federations. An instance of Shibboleth IdP V2 is configured as follows:

Code Block
languagexml
titleA Shib IdP V2 rule that releases attributes to ALL R&S SPs
<afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
    attributeName="http://macedir.org/entity-category"
    attributeValue="http://refeds.org/category/research-and-scholarship"/>
 
<!-- for Shib IdP V3, use type saml:EntityAttributeExactMatch instead -->

Configure an instance of Shibboleth IdP V3 as follows:

Code Block
languagexml
titleA Shib IdP V3 rule that releases attributes to ALL R&S SPs
<afp:PolicyRequirementRule xsi:type="saml:EntityAttributeExactMatch"
    attributeName="http://macedir.org/entity-category"
    attributeValue="http://refeds.org/category/research-and-scholarship"/>

For more detailed information about configuring an IdP for R&S, consult the R&S Attribute Bundle Config topic.

...

Code Block
languagexml
titleA Shib IdP V3 rule that releases attributes to R&S SPs registered by InCommon
<afp:PolicyRequirementRule xsi:type="basic:AND">
  <basic:Rule xsi:type="saml:EntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <basic:Rule xsi:type="saml:RegistrationAuthority"
      registrars="https://incommon.org"/>
</afp:PolicyRequirementRule>

The registrars XML attribute takes a space-separated list of registrar IDs and therefore the previous configuration is most flexible.

For more information about configuring an IdP for R&S, consult the R&S Attribute Bundle Config topic in the wiki.

...