wiki:SetupSpAttrRelease

Version 3 (modified by jpmitchell@…, 13 years ago) (diff)

--

Shibboleth / Setup SP Attribute Release

This page documents how to setup an IdP to release attributes to an SP via its entityID.

  1. Check out the conf directory from the shib-svn repository.
    john@fearless:~/Junk$ svn co svn+ssh://sxjpm@iron.alaska.edu/usr/local/iam/shib-svn/idp/trunk/conf
    A    conf/service.xml
    ...
    A    conf/login.config
    
  1. Add a stanza in the attribute-filter.xml config file that releases an attribute to the SP via its entityID.
    john@fearless:~/Junk$ vi conf/attribute-filter.xml
    ...
    <AttributeFilterPolicy id="releaseToIAM">
        <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://idmt-1.alaska.edu/shibboleth" />
        <AttributeRule attributeID="eduPersonPrincipalName">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>
    </AttributeFilterPolicy>
    ...
    :wq!
    
  1. Commit the the changed attribute-filter.xml file into the shib-svn repository.
    john@fearless:~/Junk$ svn commit conf/ -m "Added attribute filter config for SP idmt-1"
    
  1. Test and update the Shibboleth IdPs with the Test IdP Config Change procedure.

References: