...

For Shibboleth IdP V2, release attributes to R&S SPs registered by InCommon as follows:

A Shib IdP V2 rule that releases attributes to R&S SPs registered by InCommon:

<afp:PolicyRequirementRule xsi:type="basic:AND">
  <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://id.incommon.org/category/registered-by-incommon"/>
</afp:PolicyRequirementRule>

Info: The Registered By InCommon Category is coming!

Here is the timeline for implementing the Registered By InCommon Category:

  1. Friday, April 17, 2015: Introduce the registered-by-incommon entity attribute into the preview aggregate
  2. Friday, April 24, 2015: Sync the main aggregate with the preview aggregate
  3. Friday, May 1, 2015: Sync the fallback aggregate with the production aggregate

Since most deployments consume the main production aggregate, April 24th is the date to remember.

Choose the Target User Population

The policy rules in the previous sections implicitly release attributes for all users, whereas an IdP that supports R&S is only required to release attributes for some subset of the IdP's user population. For example, an IdP may choose to release attributes for faculty and staff only, or perhaps for non-students.

Release Attributes for Non-Students

The following pair of policy rules releases attributes for non-students to all R&S SPs.

Info: It's a fact! More than 90% of R&S IdPs release the R&S Attribute Bundle on behalf of students.

For Shib IdP v3.0.0 and higher

For Shibboleth IdP V3, release attributes for non-students to all R&S SPs:

A Shib IdP V3 rule that releases attributes for non-students to all R&S SPs:

<afp:PolicyRequirementRule xsi:type="basic:AND">
  <basic:Rule xsi:type="saml:EntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <basic:Rule xsi:type="basic:NOT">
    <basic:Rule xsi:type="basic:AttributeValueString"
        attributeID="eduPersonAffiliation" value="student" ignoreCase="true"/>
  </basic:Rule>
</afp:PolicyRequirementRule>

For Shib IdPs prior to v3.0.0

For Shibboleth IdP V2, release attributes for non-students to all R&S SPs:

A Shib IdP V2 rule that releases attributes for non-students to all R&S SPs:

<afp:PolicyRequirementRule xsi:type="basic:AND">
  <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <basic:Rule xsi:type="basic:NOT">
    <basic:Rule xsi:type="basic:AttributeValueString"
        attributeID="eduPersonAffiliation" value="student" ignoreCase="true"/>
  </basic:Rule>
</afp:PolicyRequirementRule>
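
To see which users the non-student rules above actually select, the following added example (not InCommon's or Shibboleth's code) parses the V3 rule and evaluates it with a simplified model of the four rule types; the V2 type name is accepted as well. The `evaluate` and `releases` helpers, the "any value matches" reading of `basic:AttributeValueString`, and the sample users are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
EC = "http://macedir.org/entity-category"
RS = "http://refeds.org/category/research-and-scholarship"

# The page's V3 non-student rule; xmlns declarations added so it parses stand-alone.
RULE_XML = """
<afp:PolicyRequirementRule xsi:type="basic:AND"
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <basic:Rule xsi:type="saml:EntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <basic:Rule xsi:type="basic:NOT">
    <basic:Rule xsi:type="basic:AttributeValueString"
        attributeID="eduPersonAffiliation" value="student" ignoreCase="true"/>
  </basic:Rule>
</afp:PolicyRequirementRule>
"""

def evaluate(rule, sp_entity_attrs, user_attrs):
    """Simplified model of the rule types used on this page (not Shibboleth code)."""
    kind = rule.get(XSI_TYPE)
    if kind == "basic:AND":
        return all(evaluate(child, sp_entity_attrs, user_attrs) for child in rule)
    if kind == "basic:NOT":
        return not evaluate(rule[0], sp_entity_attrs, user_attrs)
    if kind in ("saml:EntityAttributeExactMatch",                     # V3 name
                "saml:AttributeRequesterEntityAttributeExactMatch"):  # V2 name
        return rule.get("attributeValue") in sp_entity_attrs.get(rule.get("attributeName"), [])
    if kind == "basic:AttributeValueString":
        want, values = rule.get("value"), user_attrs.get(rule.get("attributeID"), [])
        if rule.get("ignoreCase") == "true":
            want, values = want.lower(), [v.lower() for v in values]
        return want in values  # assumption: true if ANY resolved value matches
    raise ValueError(f"unmodeled rule type: {kind}")

def releases(affiliations, sp_categories):
    """True if the policy applies; affiliations=None means the attribute was not resolved."""
    user = {} if affiliations is None else {"eduPersonAffiliation": affiliations}
    return evaluate(ET.fromstring(RULE_XML), {EC: sp_categories}, user)

if __name__ == "__main__":
    # Constructed users: faculty, student, student employee, no affiliation resolved.
    for aff in (["faculty"], ["student"], ["Student", "staff"], None):
        print(aff, "->", releases(aff, [RS]))
```

In this model a student employee is withheld along with other students, while the rule is satisfied for a user whose eduPersonAffiliation did not resolve at all, so confirm how the resolver populates that attribute before relying on the NOT rule.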

...