== [[https://iam.alaska.edu/shib|Shibboleth]] / Setup SP Attribute Release ==

This page documents how to set up an IdP to release attributes to an SP via its entityID.

1. Check out the conf directory from the shib-svn repository.
{{{
john@fearless:~/Junk$ svn co svn+ssh://sxjpm@iron.alaska.edu/usr/local/iam/shib-svn/idp/trunk/conf
A conf/service.xml
...
A conf/login.config
}}}

2. Add a stanza in the attribute-filter.xml config file that releases an attribute to the SP via its entityID.
{{{
john@fearless:~/Junk$ vi conf/attribute-filter.xml
...
<AttributeFilterPolicy id="releaseToIAM">
    <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://idmt-1.alaska.edu/shibboleth" />
    <AttributeRule attributeID="eduPersonPrincipalName">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
</AttributeFilterPolicy>
...
:wq!
}}}

3. Commit the changed attribute-filter.xml file into the shib-svn repository.
{{{
john@fearless:~/Junk$ svn commit conf/ -m "Added attribute filter config for SP idmt-1"
}}}

4. Test and update the Shibboleth !IdPs with the following procedure.
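
A check that could be run on the edited attribute-filter.xml between steps 2 and 3, to confirm that the new stanza releases only the intended attribute to the SP and that no policy releases attributes to every requester. This is an added example, not part of the original page or of the IAM project's tooling; the function names, the wrapping group element with its namespace URIs, and the second policy in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the page's stanza plus one over-broad policy. The group
# element and namespace URIs are assumed (IdP 2.x attribute-filter.xml layout).
SAMPLE = """<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeFilterPolicy id="releaseToIAM">
    <PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
        value="https://idmt-1.alaska.edu/shibboleth" />
    <AttributeRule attributeID="eduPersonPrincipalName">
      <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
  </AttributeFilterPolicy>
  <AttributeFilterPolicy id="releaseToAnyone">
    <PolicyRequirementRule xsi:type="basic:ANY" />
    <AttributeRule attributeID="mail">
      <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
  </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>"""

def release_map(xml_text):
    """Map requester entityID ('*' = basic:ANY, '?' = other rule) to attribute IDs."""
    released = {}
    for policy in ET.fromstring(xml_text):
        if policy.tag.rsplit("}", 1)[-1] != "AttributeFilterPolicy":
            continue
        requester, attrs = "?", set()
        for child in policy:
            name = child.tag.rsplit("}", 1)[-1]  # drop the XML namespace
            kind = child.get(XSI_TYPE, "").split(":")[-1]
            if name == "PolicyRequirementRule":
                requester = {"ANY": "*", "AttributeRequesterString":
                             child.get("value")}.get(kind, "?")
            elif name == "AttributeRule":
                attrs.add(child.get("attributeID"))
        released.setdefault(requester, set()).update(attrs)
    return released

def audit(xml_text, entity_id, allowed):
    """List attributes released to entity_id beyond `allowed`, or to every SP."""
    rel = release_map(xml_text)
    extra = sorted(rel.get(entity_id, set()) - set(allowed))
    return ([f"{entity_id} gets unexpected attribute {a}" for a in extra]
            + [f"every SP gets {a}" for a in sorted(rel.get("*", set()))])
```

The check counts every AttributeRule as a release and groups requester rules it does not recognise under "?", so anything it reports still needs a manual look before the commit.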