
Version 4 (modified by dabantz@…, 11 years ago)


Shibboleth / Setup Attribute Release from IdP to an SP

This page documents how to set up an IdP to release attributes to an SP, identified by its entityID.

  1. Check out the conf directory from the shib-svn repository.
    john@fearless:~/Junk$ svn co svn+ssh://sxjpm@iron.alaska.edu/usr/local/iam/shib-svn/idp/trunk/conf
    A    conf/service.xml
    ...
    A    conf/login.config
    
  1. Add a stanza in the attribute-filter.xml config file that releases an attribute to the SP via its entityID.
    john@fearless:~/Junk$ vi conf/attribute-filter.xml
    ...
    <AttributeFilterPolicy id="releaseToIAM">
        <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://idmt-1.alaska.edu/shibboleth" />
        <AttributeRule attributeID="eduPersonPrincipalName">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>
    </AttributeFilterPolicy>
    ...
    :wq!
    
  1. Commit the changed attribute-filter.xml file to the shib-svn repository.
    john@fearless:~/Junk$ svn commit conf/ -m "Added attribute filter config for SP idmt-1"
    
  1. Test and update the Shibboleth IdPs with the Test IdP Config Change procedure.
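
A pre-commit check for the edit in step 2, as an added example that is not part of the original page or the repository: it parses attribute-filter.xml and reports which attributes each SP entityID receives, listing any policy that is not tied to a single requester for manual review. The wrapper element and namespace URIs assume the IdP 2.x filter schema, and the `releaseToAnyone` policy is a hypothetical entry constructed for contrast.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the page's stanza inside an assumed IdP 2.x group element,
# plus a hypothetical over-broad policy ("releaseToAnyone") for contrast.
SAMPLE = """<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeFilterPolicy id="releaseToIAM">
    <PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
        value="https://idmt-1.alaska.edu/shibboleth" />
    <AttributeRule attributeID="eduPersonPrincipalName">
      <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
  </AttributeFilterPolicy>
  <AttributeFilterPolicy id="releaseToAnyone">
    <PolicyRequirementRule xsi:type="basic:ANY" />
    <AttributeRule attributeID="mail">
      <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
  </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>"""

def local(tag):
    """Element name without its {namespace} prefix."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (releases, unscoped): attribute IDs per SP entityID, and the ids
    of policies whose requirement is not one AttributeRequesterString."""
    releases, unscoped = {}, []
    for policy in ET.fromstring(xml_text).iter():
        if local(policy.tag) != "AttributeFilterPolicy":
            continue
        rule = next((c for c in policy if local(c.tag) == "PolicyRequirementRule"), None)
        attrs = [c.get("attributeID") for c in policy if local(c.tag) == "AttributeRule"]
        kind = rule.get(XSI_TYPE, "").split(":")[-1] if rule is not None else ""
        if kind == "AttributeRequesterString" and rule.get("value"):
            releases.setdefault(rule.get("value"), set()).update(attrs)
        else:
            unscoped.append(policy.get("id"))  # e.g. basic:ANY matches every SP
    return {sp: sorted(a) for sp, a in releases.items()}, unscoped

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check the working copy before `svn commit`, pass the contents of `conf/attribute-filter.xml` to `audit()` instead of `SAMPLE`.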
