Version 1 (modified by dabantz@…, 11 years ago)
IAM / Projects / Shibboleth / Service Candidates / Atomic Learning
After a period of CAS authentication (using CASShib), Atomic Learning added support for SAML / Shibboleth. Licensing is campus-based. Originally only a couple of UAF campuses were licensed; as of June 2013, all UAA and UAF campuses are licensed, and students and employees at any of these campuses are authorized to use Atomic Learning. The SAML assertion sent to Atomic Learning includes the campus affiliation(s) of the authenticated user (see the qualification below).
Other attributes released are EPPN, BannerID, email, surname, givenName, and a scoped version of eduPersonAffiliation (like student@alaska.edu or faculty@alaska.edu).
Atomic Learning only consumes the "first" attribute value in the multi-valued attribute containing campus affiliation(s). To prevent inappropriate denial of access for users with multiple campus affiliations that include non-licensed campuses, UA added a release policy that filters the attribute and releases only the campus names that are explicitly licensed:
<!-- Specifically release only values of licensed campuses -->
<!-- AL may deny access if non-licensed campus affiliation asserted -->
<AttributeRule attributeID="AtomicLearningCampus">
    <PermitValueRule xsi:type="basic:OR">
        <basic:Rule xsi:type="basic:AttributeValueString" value="UA Statewide Admin" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAA Kenai Peninsula College" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAA Kodiak College" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAA Main" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAA Matanuska-Susitna College" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAA Prince William Sound Community College" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF Bristol Bay Campus" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF Chukchi Campus" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF Community and Technical College" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF Cooperative Extension Service" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF Interior-Aleutians Campus" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF Kuskokwim Campus" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF Main" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF Northwest Campus" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF Rural College" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAA - Kenai Peninsula Campus" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAA - Kodiak Campus" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAA - Main Campus" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAA - Mat-Su Campus" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="PWSCC - Prince William Sound" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF - eLearning &amp; Distance Ed" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF - Bristol Bay (RB)" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF - Chukchi Campus" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF - Correspondence Study(CS)" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF - Fairbanks Campus" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF - Interior-Aleutians (RI)" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF - Juneau Fisheries (JU)" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF - Kuskokwim Campus" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF - Northwest Campus" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="UAF - Rural College (RE)" />
    </PermitValueRule>
</AttributeRule>
Note that the ampersand in one value has to be XML-encoded as &amp;
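The effect of the release policy on a service provider that reads only the first value, as an added example that is not part of the original page or UA's configuration. It is a simplified model: the policy is a constructed three-rule excerpt, the xmlns declarations are assumed (the Shibboleth IdP 2.x filter namespaces, which the page does not show), the campus "Example Unlicensed Campus" is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed three-rule excerpt of the policy. The xmlns declarations are
# assumptions (Shibboleth IdP 2.x filter namespaces); the page shows none.
POLICY = """<AttributeRule attributeID="AtomicLearningCampus"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <PermitValueRule xsi:type="basic:OR">
    <basic:Rule xsi:type="basic:AttributeValueString" value="UAA Main" />
    <basic:Rule xsi:type="basic:AttributeValueString" value="UAF Main" />
    <basic:Rule xsi:type="basic:AttributeValueString"
                value="UAF - eLearning &amp; Distance Ed" />
  </PermitValueRule>
</AttributeRule>"""

def is_well_formed(xml_text):
    """True if the text parses as XML; a raw '&' in a value makes this False."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False

def permitted_values(policy_xml):
    """Collect the literal values of all basic:AttributeValueString rules."""
    root = ET.fromstring(policy_xml)
    return {el.get("value") for el in root.iter()
            if el.get(f"{{{XSI}}}type") == "basic:AttributeValueString"}

def release(values, permitted):
    """IdP side (model): keep only permitted values, in their original order."""
    return [v for v in values if v in permitted]

def sp_consumes(values):
    """SP side as the page describes it: only the first value is read."""
    return values[0] if values else None

if __name__ == "__main__":
    # Constructed user whose first affiliation is not a licensed campus.
    user = ["Example Unlicensed Campus", "UAF Main",
            "UAF - eLearning & Distance Ed"]
    allowed = permitted_values(POLICY)
    print("SP sees without filter:", sp_consumes(user))
    print("SP sees with filter:   ", sp_consumes(release(user, allowed)))
    print("raw '&' parses:", is_well_formed(POLICY.replace("&amp;", "&")))
```

A user with no licensed affiliation ends up with no released value at all, which is the case to check for when an access complaint comes in.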