| 1 | |
| 2 | |
| 3 | Define the two vendor-specific attributes this vendor requires, UniqueMemberID and !MemberSuffix. Note that they are encoded with a nameFormat of "basic" rather than the usual "uri". |
| 4 | |
| 5 | {{{ |
| 6 | |
| 7 | <!-- UniqueMemberID for the HealthyRoads SP is the employee # = bannerID, per UA Benefits. --> |
| 8 | <!-- If and when dependents use SSO to HealthyRoads, the UniqueMemberID will need to be the benefits-eligible employee ID#. NOTE(review): this Simple definition copies BannerID and has no condition of its own, so it does not check employment; any restriction on who gets this identifier has to come from the attribute filter or the source data. --> |
| 9 | <resolver:AttributeDefinition id="UniqueMemberID" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad" |
| 10 | sourceAttributeID="BannerID"> |
| 11 | <resolver:Dependency ref="myLDAP" /> <!-- source of BannerID; presumably the LDAP data connector defined elsewhere in the resolver file (confirm) --> |
| 12 | <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" |
| 13 | name="UniqueMemberID" |
| 14 | nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" |
| 15 | friendlyName="UniqueMemberID"/> |
| 16 | </resolver:AttributeDefinition> |
| 17 | |
| 18 | <!-- Create "MemberSuffix" with value of 00 for all employees for HealthyRoads SP, per UA Benefits Office. The script adds no value for principals without an employee affiliation. --> |
| 19 | <resolver:AttributeDefinition id="MemberSuffix" xsi:type="Script" xmlns="urn:mace:shibboleth:2.0:resolver:ad"> |
| 20 | <resolver:Dependency ref="eduPersonAffiliation" /> <!-- the script below reads this attribute's values --> |
| 21 | <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" |
| 22 | name="MemberSuffix" |
| 23 | nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" |
| 24 | friendlyName="MemberSuffix" /> |
| 25 | <Script> |
| 26 | <![CDATA[ |
| 27 | importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider); |
| 28 | importPackage(Packages.org.slf4j); |
| 29 | // The logging below only marks that the script started; no attribute values are written to the log. |
| 30 | logger = LoggerFactory.getLogger("edu.internet2.middleware.shibboleth.resolver.Script.scriptTest"); |
| 31 | logger.debug("Starting MemberSuffix Attribute Resolver Script:"); |
| 32 | // Create the output attribute only if the script context does not already provide one. |
| 33 | if (MemberSuffix == null) {MemberSuffix = new BasicAttribute("MemberSuffix");} |
| 34 | // Exact match on "employee" or "Employee" only; any other casing, or no employee affiliation, adds no value. NOTE(review): eduPersonAffiliation is dereferenced without a null check - confirm the dependency always resolves for every principal. |
| 35 | if (eduPersonAffiliation.getValues().contains("employee") || eduPersonAffiliation.getValues().contains("Employee")) |
| 36 | {MemberSuffix.getValues().add("00");} |
| 37 | |
| 38 | ]]> |
| 39 | </Script> |
| 40 | </resolver:AttributeDefinition> |
| 41 | |
| 42 | }}} |
| 43 | |
| 44 | |
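| 45 | Attribute Release (for benefits-eligible employees). This releases the custom attributes for this vendor, that is, UniqueMemberID and !MemberSuffix, and the policy below also releases displayname and email. Note that the policy keys on the requesting SP only: !MemberSuffix is populated only for employees by the script above, but UniqueMemberID, displayname and email are released for any user who authenticates to this SP unless another control restricts them. |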
| 46 | {{{ |
| 47 | </AttributeFilterPolicy> |
| 48 | |
| 49 | <AttributeFilterPolicy id="releaseToHealthyRoads"> <!-- Applies when the requesting SP's entityID equals either HealthyRoads value below (apparently the vendor's test and production entityIDs). --> |
| 50 | <PolicyRequirementRule xsi:type="basic:OR"> |
| 51 | <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://www.healthyroadstest.com/saml/UniversityOfAlaska" /> |
| 52 | <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://www.healthyroads.com/saml/UniversityOfAlaska" /> |
| 53 | </PolicyRequirementRule> <!-- NOTE(review): the requirement matches on the requester only; nothing in this policy limits release to benefits-eligible employees, so confirm that restriction is enforced elsewhere. --> |
| 54 | <AttributeRule attributeID="UniqueMemberID"> <!-- employee identifier; basic:ANY permits every resolved value --> |
| 55 | <PermitValueRule xsi:type="basic:ANY" /> |
| 56 | </AttributeRule> |
| 57 | <AttributeRule attributeID="MemberSuffix"> |
| 58 | <PermitValueRule xsi:type="basic:ANY" /> |
| 59 | </AttributeRule> |
| 60 | <AttributeRule attributeID="displayname"> <!-- displayname and email are released in addition to the two vendor-specific attributes --> |
| 61 | <PermitValueRule xsi:type="basic:ANY" /> |
| 62 | </AttributeRule> |
| 63 | <AttributeRule attributeID="email"> |
| 64 | <PermitValueRule xsi:type="basic:ANY" /> |
| 65 | </AttributeRule> |
| 66 | </AttributeFilterPolicy> |
| 67 | |
| 68 | }}} |