Version 3 (modified by jpmitchell@…, 13 years ago) (diff) |
---|
Shibboleth / Setup SP Attribute Release
This page documents how to setup an IdP to release attributes to an SP via its entityID.
- Check out the conf directory from the shib-svn repository.
john@fearless:~/Junk$ svn co svn+ssh://sxjpm@iron.alaska.edu/usr/local/iam/shib-svn/idp/trunk/conf A conf/service.xml ... A conf/login.config
- Add a stanza in the attribute-filter.xml config file that releases an attribute to the SP via its entityID.
john@fearless:~/Junk$ vi conf/attribute-filter.xml ... <AttributeFilterPolicy id="releaseToIAM"> <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://idmt-1.alaska.edu/shibboleth" /> <AttributeRule attributeID="eduPersonPrincipalName"> <PermitValueRule xsi:type="basic:ANY" /> </AttributeRule> </AttributeFilterPolicy> ... :wq!
- Commit the the changed attribute-filter.xml file into the shib-svn repository.
john@fearless:~/Junk$ svn commit conf/ -m "Added attribute filter config for SP idmt-1"
- Test and update the Shibboleth IdPs with the Test IdP Config Change procedure.
References: