Version 2 (modified by dabantz@…, 11 years ago)
IAM / Projects / Shibboleth / Service Candidates / HealthyRoads (Wellness benefit)
Create the unique attributes required for this vendor, UniqueMemberID and MemberSuffix. Note that they are encoded with a nameFormat of "basic" rather than the usual "uri".
```xml
<!-- UniqueMemberID for HealthyRoads SP is employee # = bannerID per UA Benefits -->
<!-- If and when dependents use SSO to HealthyRoads, the UniqueMemberID will need to be the benefits-eligible employee ID# -->
<resolver:AttributeDefinition id="UniqueMemberID" xsi:type="Simple"
    xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="BannerID">
    <resolver:Dependency ref="myLDAP" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
        xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
        name="UniqueMemberID"
        nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
        friendlyName="UniqueMemberID" />
</resolver:AttributeDefinition>

<!-- Create "MemberSuffix" with value of 00 for all employees for HealthyRoads SP, per UA Benefits Office -->
<resolver:AttributeDefinition id="MemberSuffix" xsi:type="Script"
    xmlns="urn:mace:shibboleth:2.0:resolver:ad">
    <resolver:Dependency ref="eduPersonAffiliation" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
        xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
        name="MemberSuffix"
        nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
        friendlyName="MemberSuffix" />
    <Script>
    <![CDATA[
        importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
        importPackage(Packages.org.slf4j);

        logger = LoggerFactory.getLogger("edu.internet2.middleware.shibboleth.resolver.Script.scriptTest");
        logger.debug("Starting MemberSuffix Attribute Resolver Script:");

        // Create the output attribute if the resolver has not already done so
        if (MemberSuffix == null) {
            MemberSuffix = new BasicAttribute("MemberSuffix");
        }

        // Only users with an employee affiliation receive the "00" suffix
        if (eduPersonAffiliation.getValues().contains("employee") ||
            eduPersonAffiliation.getValues().contains("Employee")) {
            MemberSuffix.getValues().add("00");
        }
    ]]>
    </Script>
</resolver:AttributeDefinition>
```
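Attribute Release (for benefits-eligible employees). This releases the custom attributes for this vendor, that is, UniqueMemberID and MemberSuffix; the policy below also releases displayname and email. The policy matches only on the requesting SP's entityID (the HealthyRoads test and production SPs) and permits any value, so the only employee check is the one in the MemberSuffix script above.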
```xml
</AttributeFilterPolicy> <!-- end of the preceding policy -->

<AttributeFilterPolicy id="releaseToHealthyRoads">
    <PolicyRequirementRule xsi:type="basic:OR">
        <basic:Rule xsi:type="basic:AttributeRequesterString"
            value="https://www.healthyroadstest.com/saml/UniversityOfAlaska" />
        <basic:Rule xsi:type="basic:AttributeRequesterString"
            value="https://www.healthyroads.com/saml/UniversityOfAlaska" />
    </PolicyRequirementRule>

    <AttributeRule attributeID="UniqueMemberID">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>

    <AttributeRule attributeID="MemberSuffix">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>

    <AttributeRule attributeID="displayname">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>

    <AttributeRule attributeID="email">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
</AttributeFilterPolicy>
```
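A release-audit check for the filter policy above, added here as an example and not part of the original page or of Shibboleth: it lists which requesters a policy applies to and which attributes it releases with `basic:ANY`, then flags anything outside an expected set. The wrapping root element and its id, the `EXPECTED` set and the `audit_release` name are assumptions; the check also assumes the `basic` prefix is used in `xsi:type` values as on this page.

```python
import xml.etree.ElementTree as ET

AFP = "urn:mace:shibboleth:2.0:afp"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed input: the policy from this page inside a root element that
# declares the namespaces a complete filter file carries (root id is made up).
RULE = '<AttributeRule attributeID="{0}"><PermitValueRule xsi:type="basic:ANY"/></AttributeRule>'
POLICY_XML = """
<AttributeFilterPolicyGroup id="ExamplePolicyGroup"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeFilterPolicy id="releaseToHealthyRoads">
    <PolicyRequirementRule xsi:type="basic:OR">
      <basic:Rule xsi:type="basic:AttributeRequesterString"
          value="https://www.healthyroadstest.com/saml/UniversityOfAlaska"/>
      <basic:Rule xsi:type="basic:AttributeRequesterString"
          value="https://www.healthyroads.com/saml/UniversityOfAlaska"/>
    </PolicyRequirementRule>
    %s
  </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>
""" % "".join(RULE.format(a) for a in ("UniqueMemberID", "MemberSuffix", "displayname", "email"))

# Assumption: the attributes the vendor integration is documented as needing.
EXPECTED = {"UniqueMemberID", "MemberSuffix"}

def audit_release(xml_text, expected=EXPECTED):
    """Per policy: who may request, what is released unconditionally, what is extra."""
    report = {}
    for policy in ET.fromstring(xml_text).iter("{%s}AttributeFilterPolicy" % AFP):
        # Requester rules may sit directly on the requirement rule or under an OR
        requesters = [el.get("value") for el in policy.iter()
                      if el.get(XSI_TYPE) == "basic:AttributeRequesterString"]
        released = [rule.get("attributeID")
                    for rule in policy.findall("{%s}AttributeRule" % AFP)
                    if any(p.get(XSI_TYPE) == "basic:ANY"
                           for p in rule.findall("{%s}PermitValueRule" % AFP))]
        report[policy.get("id")] = {
            "requesters": requesters,
            "released_any": released,
            "unexpected": sorted(set(released) - set(expected)),
        }
    return report

if __name__ == "__main__":
    for policy_id, info in audit_release(POLICY_XML).items():
        print(policy_id, info)
```

Run against a full filter file, the `unexpected` list gives a reviewer the attributes to confirm with the service owner before the policy goes to production.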