wiki:HealthyRoads


Create the unique attributes required for this vendor, UniqueMemberID and MemberSuffix, in the IdP attribute resolver. Note that they are encoded with a nameFormat of "basic" rather than the usual "uri".

<!-- UniqueMemberID for the HealthyRoads SP is the employee number (= BannerID), per UA Benefits. -->
<!-- If and when dependents use SSO to HealthyRoads, the UniqueMemberID will need to be the benefits-eligible employee ID#. -->
<!-- Simple definition: the values of the source attribute "BannerID" are passed through unchanged under the id
     "UniqueMemberID". The default-namespace declaration on the element is what lets the unprefixed xsi:type
     value "Simple" resolve in the resolver:ad namespace. -->
<!-- NOTE(review): the value is a persistent, directly identifying employee number, so every attribute filter
     policy that names UniqueMemberID should be limited to the relying parties that actually need it. -->
<resolver:AttributeDefinition id="UniqueMemberID" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
sourceAttributeID="BannerID">
        <!-- "myLDAP" is presumably the id of an LDAP data connector defined elsewhere in the resolver file; confirm. -->
        <resolver:Dependency ref="myLDAP" />
        <!-- Sent as a SAML 2 string attribute named "UniqueMemberID" with the basic (not uri) name format. -->
        <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   name="UniqueMemberID" 
                                   nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
                                   friendlyName="UniqueMemberID"/>
    </resolver:AttributeDefinition>

<!-- Create "MemberSuffix" with value of 00 for all employees for HealthyRoads SP, per UA Benefits Office -->
<!-- Script definition: the embedded script reads the eduPersonAffiliation dependency and adds the single value
     "00" only when its values contain "employee" or "Employee". For any other user the attribute is created
     with no values. The comparison is exact, so other spellings such as "EMPLOYEE" do not match. -->
<resolver:AttributeDefinition id="MemberSuffix" xsi:type="Script" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
       <!-- The script needs eduPersonAffiliation to be resolved first; its definition is not shown on this page. -->
       <resolver:Dependency ref="eduPersonAffiliation" />
      <!-- Sent as a SAML 2 string attribute named "MemberSuffix" with the basic (not uri) name format. -->
      <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   name="MemberSuffix" 
                                   nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
                                   friendlyName="MemberSuffix" />
     <!-- NOTE(review): the script calls eduPersonAffiliation.getValues() without first checking that the
          variable is defined and non-null. If the dependency yields nothing for a user, the script
          presumably fails at that call; confirm how the resolver behaves for such accounts and consider
          guarding the call. -->
     <!-- NOTE(review): the logger category ends in "Script.scriptTest", which looks like a leftover from a
          test script; it only affects where the debug line is logged. -->
     <Script>
     <![CDATA[
     importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
     importPackage(Packages.org.slf4j);

     logger = LoggerFactory.getLogger("edu.internet2.middleware.shibboleth.resolver.Script.scriptTest");
     logger.debug("Starting MemberSuffix Attribute Resolver Script:");

     if (MemberSuffix == null) {MemberSuffix = new BasicAttribute("MemberSuffix");}

     if (eduPersonAffiliation.getValues().contains("employee") || eduPersonAffiliation.getValues().contains("Employee"))
               {MemberSuffix.getValues().add("00");}

                ]]>
        </Script>
</resolver:AttributeDefinition>

Attribute Release (for benefits-eligible employees). This releases the custom attributes for this vendor, that is, UniqueMemberID and MemberSuffix.

</AttributeFilterPolicy>

<!-- Release policy for the HealthyRoads service provider. It applies when the requesting entityID equals
     either of the two strings below (the vendor's test host and its production host) and then permits
     every value of UniqueMemberID, MemberSuffix, displayname and email. -->
<!-- NOTE(review): the only condition is the requester. Nothing in this policy checks the user's
     affiliation, so UniqueMemberID, displayname and email are released for any account that signs in to
     this SP, not only for benefits-eligible employees. Only MemberSuffix is limited, and that happens in
     its resolver script. If release is meant to be restricted to employees, add a user-side condition
     here or confirm that it is enforced elsewhere. -->
<!-- NOTE(review): the test entityID receives the same real employee number, name and email as production.
     Confirm that the vendor's test environment is approved to hold that data. -->
<AttributeFilterPolicy id="releaseToHealthyRoads">
   <!-- basic:OR matches if either requester rule matches. -->
   <PolicyRequirementRule xsi:type="basic:OR">
                <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://www.healthyroadstest.com/saml/UniversityOfAlaska" />
                <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://www.healthyroads.com/saml/UniversityOfAlaska" />
        </PolicyRequirementRule>
    <!-- Each attributeID must match the id of a resolver attribute definition exactly (ids are
         case-sensitive). The definitions for "displayname" and "email" are not shown on this page. -->
    <AttributeRule attributeID="UniqueMemberID">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
    <AttributeRule attributeID="MemberSuffix">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
    <AttributeRule attributeID="displayname">
         <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
    <AttributeRule attributeID="email">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
</AttributeFilterPolicy>