
Attribute Release For Cohortium Services

The following is an example of the configuration that the staff managing your institutional Identity Provider would need to add to the Shibboleth IdP "attribute-filter.xml" configuration file in order to release the needed attribute (ePPN, eduPersonPrincipalName) to the SPs of the Internet2 ScalePriv MFA Cohortium Collaboration (CoCoA) environment. There are two examples: one that releases only ePPN, and a second that releases ePPN plus some additional attributes that would be useful to receive, if your institution is willing. (As noted before, if your institution already releases attributes to any service approved for the Research & Scholarship entity category, nothing more is needed.)

Minimally needed attribute release for accessing the new Cohortium collaboration services/environment:

    <!--
        Release the ePPN to the Internet2 ScalePriv MFA Cohortium Collaboration (CoCoA) environment-related SPs.
        All the entityIDs for these SPs will be of the form:
          https://SPECIFICSERVICE.cohortium.internet2.edu/shibboleth
        Where 'SPECIFICSERVICE' will be values such as: 'wiki', 'registry', etc.
    -->
    <afp:AttributeFilterPolicy id="I2MFACohortium">
        <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterRegex" regex="^https://[^.]+\.cohortium\.internet2\.edu/shibboleth$" />

        <afp:AttributeRule attributeID="eduPersonPrincipalName">
            <afp:PermitValueRule xsi:type="basic:ANY" />
        </afp:AttributeRule>

    </afp:AttributeFilterPolicy>

OR the following (required plus optional useful attributes):

    <!--
        Release the ePPN, first and last name, and email attributes to the
        Internet2 ScalePriv MFA Cohortium Collaboration (CoCoA) environment-related SPs.
        All the entityIDs for these SPs will be of the form:
          https://SPECIFICSERVICE.cohortium.internet2.edu/shibboleth
        Where 'SPECIFICSERVICE' will be values such as: 'wiki', 'registry', etc.
    -->
    <afp:AttributeFilterPolicy id="I2MFACohortium">
        <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterRegex" regex="^https://[^.]+\.cohortium\.internet2\.edu/shibboleth$" />

        <afp:AttributeRule attributeID="eduPersonPrincipalName">
            <afp:PermitValueRule xsi:type="basic:ANY" />
        </afp:AttributeRule>
        <afp:AttributeRule attributeID="givenName">
            <afp:PermitValueRule xsi:type="basic:ANY" />
        </afp:AttributeRule>
        <afp:AttributeRule attributeID="surname">
            <afp:PermitValueRule xsi:type="basic:ANY" />
        </afp:AttributeRule>
        <afp:AttributeRule attributeID="email">
            <afp:PermitValueRule xsi:type="basic:ANY" />
        </afp:AttributeRule>

    </afp:AttributeFilterPolicy>
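To check that the requester regex in these policies admits only the intended Cohortium entityIDs (and does not over-release to look-alike hosts), here is an added Python example that is not part of this page or of the Shibboleth project: it parses the minimal policy and reports which attributes would be released to a given SP entityID. The afp namespace URI, the policy-group wrapper and whole-string matching semantics are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fixture: the page's minimal policy wrapped in a policy group that
# declares the afp/basic/xsi prefixes (IdP v2 namespace URIs assumed) so it parses.
POLICY_XML = r"""<afp:AttributeFilterPolicyGroup id="test"
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <afp:AttributeFilterPolicy id="I2MFACohortium">
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterRegex"
        regex="^https://[^.]+\.cohortium\.internet2\.edu/shibboleth$" />
    <afp:AttributeRule attributeID="eduPersonPrincipalName">
      <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
  </afp:AttributeFilterPolicy>
</afp:AttributeFilterPolicyGroup>"""

NS = {"afp": "urn:mace:shibboleth:2.0:afp"}  # assumed afp namespace URI


def load_policy(xml_text):
    """Return (compiled requester regex, released attributeIDs) of the first policy."""
    root = ET.fromstring(xml_text)
    policy = root.find("afp:AttributeFilterPolicy", NS)
    rule = policy.find("afp:PolicyRequirementRule", NS)
    pattern = re.compile(rule.attrib["regex"])
    attrs = [r.attrib["attributeID"] for r in policy.findall("afp:AttributeRule", NS)]
    return pattern, attrs


def released_attributes(xml_text, requester_entity_id):
    """Attributes the policy releases to this SP entityID ([] when the rule fails).
    Whole-string matching is assumed; the page's pattern is anchored with ^ and $."""
    pattern, attrs = load_policy(xml_text)
    return attrs if pattern.fullmatch(requester_entity_id) else []


if __name__ == "__main__":
    # Constructed entityIDs: two legitimate Cohortium SPs, then look-alikes that
    # the ^/$ anchors and the single-label [^.]+ must reject.
    for eid in [
        "https://wiki.cohortium.internet2.edu/shibboleth",
        "https://registry.cohortium.internet2.edu/shibboleth",
        "https://wiki.cohortium.internet2.edu.example.org/shibboleth",
        "https://a.wiki.cohortium.internet2.edu/shibboleth",
        "https://wiki.cohortium.internet2.edu/shibboleth/extra",
    ]:
        print(f"{eid}: {released_attributes(POLICY_XML, eid)}")
```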