
1. Attribute Definition

Uncomment the definitions of the attributes you want the IdP to resolve and release.

See also the Internet2 eduPerson project page.

An example of enabling the "mail" attribute (move the comment markers so that only the "mail" definition is outside the comment):

    <!--
    <resolver:AttributeDefinition xsi:type="ad:Simple" id="uid" sourceAttributeID="uid">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:uid" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" />
    </resolver:AttributeDefinition>
    --> ← Add comment end
    <resolver:AttributeDefinition xsi:type="ad:Simple" id="email" sourceAttributeID="mail">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mail" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" />
    </resolver:AttributeDefinition>
    <!-- ← Add comment begin
    <resolver:AttributeDefinition xsi:type="ad:Simple" id="homePhone" sourceAttributeID="homePhone">
        <resolver:Dependency ref="myLDAP" />
2. LDAP Connector Setting

    <!-- Example LDAP Connector -->
    <!-- --> ← Add comment end
    <resolver:DataConnector id="myLDAP" xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
        ldapURL="ldap://localhost" ← LDAP URL
        baseDN="dc=sifulan,dc=asia" ← LDAP baseDN
        principal="cn=Manager,dc=sifulan,dc=asia" ← LDAP principal
        principalCredential="sifulanldap"> ← LDAP Password
        <FilterTemplate>
            <![CDATA[
                (uid=$requestContext.principalName)
            ]]>
        </FilterTemplate>
    </resolver:DataConnector>
    <!-- --> ← Add comment begin
3. Computed ID Connector Setting

This configuration is required because the eduPersonTargetedID attribute definition depends on the computed ID connector.

    <!-- Computed targeted ID connector -->
    <!-- --> ← Add comment end
    <resolver:DataConnector xsi:type="dc:ComputedId"
                            id="computedID"
                            generatedAttributeID="computedID"
                            sourceAttributeID="uid"
                            salt="your random string here">
        <resolver:Dependency ref="myLDAP" />
    </resolver:DataConnector>
    <!-- --> ← Add comment begin
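After moving comment markers around in sections 1 to 3 it is easy to leave an AttributeDefinition active while the DataConnector it depends on is still commented out; the IdP then fails to resolve that attribute at runtime. The following script is an added example (not from this page and not part of Shibboleth) that parses an IdP v2 attribute-resolver.xml the way the IdP sees it (anything inside <!-- --> is invisible) and reports every Dependency ref that points at an id no active element defines. It assumes the v2 resolver namespace urn:mace:shibboleth:2.0:resolver; the sample file embedded below is constructed for the demo, with placeholder LDAP values and the computedID connector deliberately left commented out.

```python
"""Lint an IdP v2 attribute-resolver.xml after editing.

Added example, not code from the page or from Shibboleth. Assumption: the
configuration uses the IdP v2 resolver namespace shown below.
"""
import xml.etree.ElementTree as ET

# IdP v2 resolver element namespace (assumption: v2-era configuration as on the page).
RESOLVER_NS = "urn:mace:shibboleth:2.0:resolver"


def _q(local_name):
    """Clark-notation tag name for a resolver element, e.g. {ns}Dependency."""
    return "{%s}%s" % (RESOLVER_NS, local_name)


def lint_resolver(xml_text):
    """Return the active definition/connector ids and a list of problem strings.

    ElementTree drops XML comments, so a definition or connector that is still
    wrapped in <!-- --> simply does not appear, exactly as for the IdP.
    """
    root = ET.fromstring(xml_text)
    definitions = root.findall(_q("AttributeDefinition"))
    connectors = root.findall(_q("DataConnector"))
    active = {e.get("id") for e in definitions} | {e.get("id") for e in connectors}

    problems = []
    for elem in definitions + connectors:
        kind = elem.tag.split("}")[1]
        for dep in elem.findall(_q("Dependency")):
            ref = dep.get("ref")
            if ref not in active:
                problems.append(
                    "%s '%s' depends on '%s', which is not active "
                    "(still commented out?)" % (kind, elem.get("id"), ref))
    for elem in definitions:
        if elem.find(_q("AttributeEncoder")) is None:
            problems.append(
                "AttributeDefinition '%s' has no AttributeEncoder, so it cannot "
                "be encoded into a SAML assertion" % elem.get("id"))
    return {
        "definitions": sorted(e.get("id") for e in definitions),
        "connectors": sorted(e.get("id") for e in connectors),
        "problems": problems,
    }


# Constructed sample: "email" and eduPersonTargetedID are uncommented, myLDAP is
# active (placeholder values), but the computedID connector is still commented out.
SAMPLE_RESOLVER_XML = """
<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
    xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
    xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <resolver:AttributeDefinition xsi:type="ad:Simple" id="email" sourceAttributeID="mail">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mail" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" />
    </resolver:AttributeDefinition>

    <resolver:AttributeDefinition xsi:type="ad:SAML2NameID" id="eduPersonTargetedID"
        nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" sourceAttributeID="computedID">
        <resolver:Dependency ref="computedID" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" />
    </resolver:AttributeDefinition>

    <resolver:DataConnector id="myLDAP" xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
        ldapURL="ldap://ldap.example.org" baseDN="dc=example,dc=org"
        principal="cn=Manager,dc=example,dc=org" principalCredential="PLACEHOLDER_PASSWORD">
        <FilterTemplate><![CDATA[ (uid=$requestContext.principalName) ]]></FilterTemplate>
    </resolver:DataConnector>

    <!-- Computed targeted ID connector: comment markers not yet moved -->
    <!--
    <resolver:DataConnector xsi:type="dc:ComputedId" id="computedID"
        generatedAttributeID="computedID" sourceAttributeID="uid" salt="PLACEHOLDER_SALT">
        <resolver:Dependency ref="myLDAP" />
    </resolver:DataConnector>
    -->
</resolver:AttributeResolver>
"""

if __name__ == "__main__":
    report = lint_resolver(SAMPLE_RESOLVER_XML)
    print("active definitions:", report["definitions"])
    print("active connectors: ", report["connectors"])
    for problem in report["problems"]:
        print("PROBLEM:", problem)
```

Run it against the real file with `lint_resolver(open("attribute-resolver.xml").read())` after each edit; on the constructed sample it reports exactly one problem, the eduPersonTargetedID definition pointing at the computedID connector that is still inside a comment.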

The salt is important so that an SP cannot guess users' uid values from the computed ID. You can generate a random string with the openssl command like this:

    # openssl rand -base64 20
    QmHFVUrkh7DkUJRE6CDs463Bql4=
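To see why the salt matters, it helps to recompute the value the connector hands out. The script below is an added example (not from this page and not Shibboleth code); it assumes the IdP v2 ComputedId connector's algorithm is Base64(SHA-1(spEntityID + "!" + sourceAttributeValue + "!" + salt)) and that the connector rejects salts shorter than 16 bytes. The entity IDs, uids and the salt are constructed for the demo. An SP already knows its own entityID and the ID it receives, so with a guessable salt the uid would be the only unknown in the digest input; with a random, secret salt the ID is opaque, and the same uid yields an unrelated ID at every other SP.

```python
"""Recompute eduPersonTargetedID values as the IdP v2 ComputedId connector does.

Added example, not code from the page or from Shibboleth. Assumption: the
connector computes Base64(SHA-1(spEntityID + "!" + uid + "!" + salt)) and
requires a salt of at least 16 bytes.
"""
import base64
import hashlib
import secrets

MIN_SALT_BYTES = 16  # assumed minimum enforced by the connector

# Constructed demo values; a real deployment uses its own random salt.
DEMO_SALT = "constructed-demo-salt-not-for-production"
SP1 = "https://sp1.example.org/shibboleth"
SP2 = "https://sp2.example.org/shibboleth"


def computed_id(sp_entity_id, local_id, salt):
    """Return the Base64 SHA-1 of 'spEntityID!localId!salt' for one SP and user."""
    salt_bytes = salt.encode("utf-8")
    if len(salt_bytes) < MIN_SALT_BYTES:
        raise ValueError("salt must be at least %d bytes" % MIN_SALT_BYTES)
    digest = hashlib.sha1()
    digest.update(sp_entity_id.encode("utf-8"))
    digest.update(b"!")
    digest.update(local_id.encode("utf-8"))
    digest.update(b"!")
    digest.update(salt_bytes)
    return base64.b64encode(digest.digest()).decode("ascii")


def generate_salt(nbytes=20):
    """Produce a salt with the same shape as `openssl rand -base64 20` on the page."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def pairwise_ids(local_id, salt, sp_entity_ids):
    """Map each SP entityID to the ID one user gets there: one uid, unrelated IDs per SP."""
    return {sp: computed_id(sp, local_id, salt) for sp in sp_entity_ids}


if __name__ == "__main__":
    for sp, value in pairwise_ids("alice", DEMO_SALT, [SP1, SP2]).items():
        print("%-40s %s" % (sp, value))
    print("fresh salt for a new deployment:", generate_salt())
```

Because the SP's entityID is part of the digest input, two SPs that compare notes cannot correlate "alice" by her targeted ID; because the salt is part of it, neither can recover or confirm a uid. Changing the salt later changes every user's ID at every SP, so treat it like a key: generate it once, keep it out of version control, and back it up.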
