...

Info

The configurations in this section only work with Shibboleth 3.4 or later. For simpleSAMLphp and ADFS, the configuration examples can only be used as inspiration.

...

  • The personal identity number (personnummer) is fetched via the attribute mittPersonnummer from the source myLDAP.

    Code Block
    <AttributeDefinition xsi:type="Simple" id="norEduPersonNIN">
        <!-- Read the value from the data connector myLDAP -->
        <InputDataConnector ref="myLDAP" attributeNames="norEduPersonNIN" />

        <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:norEduPersonNIN" encodeType="false" />

        <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.2428.90.1.5" friendlyName="norEduPersonNIN" encodeType="false" />
    </AttributeDefinition>
    


What do you do if the personal identity number is stored as 10 characters and not in the LDAP attribute norEduPersonNIN?

...

  • The personal identity number is fetched via the attribute employeeNumber from the source myLDAP; adapt as needed.
  • The personal identity number can be either 10 or 12 digits.
  • Uses a "sliding window" without offset to handle the year-2000 problem dynamically.
Code Block
<AttributeDefinition xsi:type="ScriptedAttribute" id="norEduPersonNIN">
        <InputDataConnector ref="myLDAP" attributeNames="employeeNumber" />
        <AttributeEncoder xsi:type="SAML1String"
                name="urn:mace:dir:attribute-def:norEduPersonNIN" />
        <AttributeEncoder xsi:type="SAML2String"
                name="urn:oid:1.3.6.1.4.1.2428.90.1.5" friendlyName="norEduPersonNIN" />
        <Script>
                <![CDATA[
                // Script to handle 10 position wide national identity numbers
                // Create 12 position wide norEduPersonNIN from the attribute employeeNumber
                // Change employeeNumber to your NIN attribute name
                try {
                        // Get a ref to the NIN received from LDAP
                        // Change employeeNumber to your NIN attribute name
                        var nin = employeeNumber.getValues().get(0);
                        // Only do decoration of NINs which are on the format YYMMDDxxxx
                        if (nin.length() == 10) {
                                // Create the two alternative return strings we have to choose between
                                var pnr19 = "19" + nin;
                                var pnr20 = "20" + nin;
                                // Extract year/month/day from the NIN string
                                var m_y = nin.substring(0, 2);
                                var m_m = nin.substring(2, 4);
                                var m_d = nin.substring(4, 6);
                                // Create a Date object for the 20xx case
                                var datePnr = new Date("20" + m_y, m_m - 1, m_d);
                                // Create a Date object for the current date
                                var dateCur = new Date();
                                // Verify the value of datePnr before proceeding
                                if (isNaN(datePnr.valueOf())) {
                                        throw("Failed to parse the NIN into a Date object");
                                }
                                // If the 20xx case is in the future we assume 19xx for the NIN attribute
                                if (datePnr > dateCur) {
                                        norEduPersonNIN.getValues().add(pnr19);
                                } else {
                                        norEduPersonNIN.getValues().add(pnr20);
                                }
                        } else if (nin.length() == 12) {
                                // Already 12 positions wide, release unchanged
                                norEduPersonNIN.getValues().add(nin);
                        } else {
                                throw("Not setting any norEduPersonNIN since it is bogus (length=" + nin.length() + "): " + nin);
                        }
                }
                catch(err) {
                        throw("Not setting any norEduPersonNIN due to exception: " + err);
                }
                ]]>
        </Script>
</AttributeDefinition>
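The sliding-window choice from the script above, as an added example that is not part of the original page or of Shibboleth: a standalone function with an injectable reference date, so the century decision and its edge cases can be checked outside the IdP. The name `expandNin`, the sample values and the fixed date are assumptions made for illustration; it also rejects non-digit input and impossible calendar dates, which the `isNaN` check does not catch because `Date` silently rolls such dates over.

```javascript
// Added example: hypothetical helper, not Shibboleth API.
// Expands a 10-digit NIN (YYMMDDxxxx) to 12 digits with the same
// "sliding window without offset" rule as the resolver script:
// if 20YY-MM-DD lies in the future relative to `today`, use 19YY.
function expandNin(nin, today) {
  nin = String(nin);
  if (!/^(\d{10}|\d{12})$/.test(nin)) {
    throw new Error("NIN must be 10 or 12 digits (length=" + nin.length + ")");
  }
  if (nin.length === 12) {
    return nin; // already carries its century
  }
  var yy = Number(nin.substring(0, 2));
  var mm = Number(nin.substring(2, 4));
  var dd = Number(nin.substring(4, 6));
  // Coordination numbers (samordningsnummer) add 60 to the day of birth.
  var day = dd > 60 ? dd - 60 : dd;
  var candidate = new Date(2000 + yy, mm - 1, day);
  // Date rolls "30 February" over to March instead of failing, so an
  // isNaN() check is not enough: verify the date round-trips.
  if (candidate.getMonth() !== mm - 1 || candidate.getDate() !== day) {
    throw new Error("NIN does not start with a valid calendar date");
  }
  return (candidate > today ? "19" : "20") + nin;
}

// Constructed sample values (not real identity numbers), checked against
// a fixed reference date so the output is reproducible.
var REFERENCE_DATE = new Date(2024, 5, 15); // 15 June 2024, local time
var SAMPLES = ["9001011234", "1503041234", "2001011234", "199001011234", "9001611234"];

function expandSamples() {
  return SAMPLES.map(function (s) { return expandNin(s, REFERENCE_DATE); });
}

console.log(expandSamples());
```

The third sample shows the limit of the window: a 10-digit value for someone born in 1920 is indistinguishable from one born in 2020 and is expanded to 20xx, so directories that hold people older than 100 need the 12-digit form at the source.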

personalIdentityNumber

...