...
パネル |
---|
borderColor | #cccccc |
---|
bgColor | #eeeeee |
---|
borderStyle | solid |
---|
|
<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver"<AttributeResolver
xmlns :pc="urn:mace:shibboleth:2.0:resolver :pc" xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc" xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" xmlns:sec=" urn:mace:shibboleth:2.0:security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
urn:mace:shibboleth:2.0:resolver:pc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-pc.xsd urn:mace:shibboleth:2.0:resolver:ad http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-ad.xsd urn:mace:shibboleth:2.0:resolver:dc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-dc.xsd urn:mace:shibboleth:2.0:attribute:encoder http://shibboleth.net/schema/idp/shibboleth-attribute-encoder.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd">
(中略)
<AttributeDefinition xsi:type="Simple" id="displayName">
<InputDataConnector ref="myLDAP" attributeNames="displayName"/> <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:displayName" encodeType="false" /> <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" encodeType="false" /> </ resolver:AttributeDefinition> ←"displayName" の AttributeDefinition を追加(SAML2Stringのnameでは1.で確認したoidを指定)
(中略)
</AttributeResolver>
|
※ 途中のSAML1Stringについては、URNとして登録されていない属性の場合はこの行自体を削除してください。
3. /opt/shibboleth-idp/conf/attribute-filter.xmlへの登録
パネル |
---|
borderColor | #cccccc |
---|
bgColor | #eeeeee |
---|
borderStyle | solid |
---|
|
<AttributeFilterPolicyGroup id="..."
xmlns="urn:mace:shibboleth:2.0:afp"
(中略)
<AttributeFilterPolicy id="...">
(中略)
<AttributeRule <AttributeRule attributeID="displayName" >
<PermitValueRule xsi:type="ANY" /> </AttributeRule> ← "displayName" の AttributeRule を追加 (中略)
</AttributeFilterPolicy>
permitAny="true" />
↑ "displayName" の AttributeRule を追加
(中略)
</AttributeFilterPolicy>
(中略)
</AttributeFilterPolicyGroup>
|