
If you are one of the many IdPs that already support CILogon, it is very easy to convert your CILogon configuration to a more general R&S configuration, since the attributes CILogon requires are precisely the attributes required to support R&S.

Software Requirements

The software requirements for the upgrade described here include Shibboleth IdP v2.3.4 or later. First read how to configure your Shibboleth IdP to support R&S before continuing.

Your current CILogon configuration probably looks something like this:

<AttributeFilterPolicy id="releaseToCILogon">

  <PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
      value="https://cilogon.org/shibboleth"/>

  <AttributeRule attributeID="eduPersonPrincipalName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="email">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="displayName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="givenName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="surName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
</AttributeFilterPolicy>

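Now simply replace the rule that matches the CILogon entityID with a rule that matches the R&S entity attribute (the policy id is renamed as well; the attribute rules stay the same):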

<AttributeFilterPolicy id="releaseToRandS">

  <PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://id.incommon.org/category/research-and-scholarship"/>

  <AttributeRule attributeID="eduPersonPrincipalName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="email">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="displayName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="givenName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="surName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
</AttributeFilterPolicy>

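That's it, you're done. Congratulations, you've just given your users access to all R&S SPs: the policy now releases these attributes to any SP whose metadata carries the R&S entity attribute, rather than to one named entityID.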
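The following is an added example, not code from the original page or from Shibboleth: a small Python model of how the two PolicyRequirementRule types above select requesters, so you can check who receives the five attributes before and after the change. The `sp.example.org` entityID, the metadata dictionaries and the wrapping group element are constructed, and matching `xsi:type` by its literal prefixed text is a simplification.

```python
import xml.etree.ElementTree as ET

AFP = "urn:mace:shibboleth:2.0:afp"            # IdP v2 attribute filter namespace
XSI = "http://www.w3.org/2001/XMLSchema-instance"
CATEGORY = "http://macedir.org/entity-category"
RS = "http://id.incommon.org/category/research-and-scholarship"
ATTRS = ["eduPersonPrincipalName", "email", "displayName", "givenName", "surName"]

def build_filter(requirement_rule):
    """Wrap one policy (the page's five attribute rules) in a namespaced group."""
    rules = "".join(
        f'<AttributeRule attributeID="{a}"><PermitValueRule xsi:type="basic:ANY"/>'
        "</AttributeRule>" for a in ATTRS)
    return (f'<AttributeFilterPolicyGroup id="constructedGroup" xmlns="{AFP}" '
            f'xmlns:basic="{AFP}:mf:basic" xmlns:saml="{AFP}:mf:saml" xmlns:xsi="{XSI}">'
            f'<AttributeFilterPolicy id="p">{requirement_rule}{rules}'
            "</AttributeFilterPolicy></AttributeFilterPolicyGroup>")

BEFORE = build_filter('<PolicyRequirementRule xsi:type="basic:AttributeRequesterString" '
                      'value="https://cilogon.org/shibboleth"/>')
AFTER = build_filter('<PolicyRequirementRule '
                     'xsi:type="saml:AttributeRequesterEntityAttributeExactMatch" '
                     f'attributeName="{CATEGORY}" attributeValue="{RS}"/>')

def released(filter_xml, entity_id, entity_attrs):
    """Attribute IDs released to an SP; entity_attrs maps an entity-attribute
    name to the set of values found in that SP's metadata."""
    out = set()
    for policy in ET.fromstring(filter_xml).iter(f"{{{AFP}}}AttributeFilterPolicy"):
        req = policy.find(f"{{{AFP}}}PolicyRequirementRule")
        kind = req.get(f"{{{XSI}}}type")  # compared as literal prefixed text (simplification)
        if kind == "basic:AttributeRequesterString":
            match = req.get("value") == entity_id
        elif kind == "saml:AttributeRequesterEntityAttributeExactMatch":
            match = req.get("attributeValue") in entity_attrs.get(req.get("attributeName"), set())
        else:
            match = False  # rule types outside this sketch never match
        if match:
            out |= {r.get("attributeID") for r in policy.iter(f"{{{AFP}}}AttributeRule")}
    return out

if __name__ == "__main__":
    tagged = {CATEGORY: {RS}}  # constructed metadata for a hypothetical R&S SP
    for label, xml in (("before", BEFORE), ("after", AFTER)):
        print(label, sorted(released(xml, "https://sp.example.org/shibboleth", tagged)))
        print(label, sorted(released(xml, "https://cilogon.org/shibboleth", {})))
```

In this model the CILogon entityID with empty metadata gets nothing after the change, because release now depends on the entity attribute in the requester's metadata and no longer on its entityID.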

To have your IdP added to the list of IdPs that support R&S, fill out this short form (just 6 questions) that declares your willingness and ability to support R&S. Once this is done, your IdP will be added to the list, normally within one business day.
