...
Code Block |
---|
<!-- SWAMID 1.0 METADATA PROVIDER --> <MetadataProvider id="Swamid1MD" xsi:type="FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata" metadataURL="http://md.swamid.se/md/swamid-1.0.xml" backingFile="/opt/shibboleth-idp/metadata/swamid-1.0.xml"> <MetadataFilter xsi:type="ChainingFilter" xmlns="urn:mace:shibboleth:2.0:metadata"> <MetadataFilter xsi:type="SignatureValidation" xmlns="urn:mace:shibboleth:2.0:metadata" trustEngineRef="swamid-metadata-signer" requireSignedMetadata="true" /> </MetadataFilter> </MetadataProvider> <!-- SWAMID 2.0 METADATA PROVIDER --> <MetadataProvider id="Swamid2MD" xsi:type="FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata" metadataURL="http://md.swamid.se/md/swamid-2.0.xml" backingFile="/opt/shibboleth-idp/metadata/swamid-2.0.xml"> <MetadataFilter xsi:type="ChainingFilter" xmlns="urn:mace:shibboleth:2.0:metadata"> <MetadataFilter xsi:type="SignatureValidation" xmlns="urn:mace:shibboleth:2.0:metadata" trustEngineRef="swamid-metadata-signer" requireSignedMetadata="true" /> </MetadataFilter> </MetadataProvider> |
Ni behöver även hämta metadata för SWAMIDs testfederation för att tillåta realistiska tester för ej driftsatta tjänsteleverantörer (SP):
Code Block |
---|
<!-- SWAMID TEST METADATA PROVIDER -->
<MetadataProvider id="SwamidTestMD" xsi:type="FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
metadataURL="http://md.swamid.se/md/swamid-testing-1.0.xml"
backingFile="/opt/shibboleth-idp/metadata/swamid-testing-1.0.xml">
<MetadataFilter xsi:type="ChainingFilter" xmlns="urn:mace:shibboleth:2.0:metadata">
<MetadataFilter xsi:type="SignatureValidation" xmlns="urn:mace:shibboleth:2.0:metadata"
trustEngineRef="swamid-metadata-signer"
requireSignedMetadata="true" />
</MetadataFilter>
</MetadataProvider>
|
attribute-filter.xml
Följande AttributeFilterPolicy är den rekommenderade för SWAMID SAML WebSSO. Den ger tillgång till grundläggande personinformation för alla SP i federationen, inkl. testfederationen. Glöm inte lägga in tillägg för Rekommenderade ändringar i attribute-resolver.xml och Rekommenderad release av statisk organisationsinformation i attribute-resolver.xml och attribute-release.xml.
...
Code Block |
---|
<!-- recommended initial attribute filter policy for swamid.se --> <AttributeFilterPolicy id="swamid"> <PolicyRequirementRule xsi:type="basic:OR"> <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://md.swamid.se/md/swamid-1.0.xml" /> <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://md.swamid.se/md/swamid-2.0.xml" /> <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://md.swamid.se/md/swamid-testing-1.0.xml" /> </PolicyRequirementRule> <AttributeRule attributeID="givenName"> <PermitValueRule xsi:type="basic:ANY" /> </AttributeRule> <AttributeRule attributeID="surname"> <PermitValueRule xsi:type="basic:ANY" /> </AttributeRule> <AttributeRule attributeID="displayName"> <PermitValueRule xsi:type="basic:ANY" /> </AttributeRule> <AttributeRule attributeID="commonName"> <PermitValueRule xsi:type="basic:ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonPrincipalName"> <PermitValueRule xsi:type="basic:ANY" /> </AttributeRule> <AttributeRule attributeID="email"> <PermitValueRule xsi:type="basic:ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonScopedAffiliation"> <PermitValueRule xsi:type="basic:OR"> <basic:Rule xsi:type="basic:AttributeValueString" value="faculty" ignoreCase="true" /> <basic:Rule xsi:type="basic:AttributeValueString" value="student" ignoreCase="true" /> <basic:Rule xsi:type="basic:AttributeValueString" value="staff" ignoreCase="true" /> <basic:Rule xsi:type="basic:AttributeValueString" value="alum" ignoreCase="true" /> <basic:Rule xsi:type="basic:AttributeValueString" value="member" ignoreCase="true" /> <basic:Rule xsi:type="basic:AttributeValueString" value="affiliate" ignoreCase="true" /> <basic:Rule xsi:type="basic:AttributeValueString" value="employee" ignoreCase="true" /> <basic:Rule xsi:type="basic:AttributeValueString" value="library-walk-in" ignoreCase="true" /> </PermitValueRule> </AttributeRule> </AttributeFilterPolicy> |