Date: Fri, 29 Mar 2024 15:36:54 +0900 (JST) Message-ID: <181078337.1754.1711694214073@meatwiki.nii.ac.jp> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_1753_1101047475.1711694214073" ------=_Part_1753_1101047475.1711694214073 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
attribute-resolver.xml=E3=82=84attribute-filter.xml=E7=AD=89=E3=81=AE=E8= =A8=AD=E5=AE=9A=E3=82=92=E8=A1=8C=E3=81=A3=E3=81=9F=E3=81=82=E3=81=A8=E3=80= =81SP=E3=81=AB=E5=AF=BE=E3=81=97=E3=81=A6=E3=81=A9=E3=81=AE=E3=82=88=E3=81= =86=E3=81=AA=E5=B1=9E=E6=80=A7=E3=81=8C=E9=80=81=E5=87=BA=E3=81=95=E3=82=8C= =E3=82=8B=E3=81=8B=E7=A2=BA=E8=AA=8D=E3=81=99=E3=82=8B=E3=81=9F=E3=82=81=E3= =81=AB=E3=81=AFShibboleth IdP=E4=BB=98=E5=B1=9E=E3=81=AEaacli.sh=E3=82=B3= =E3=83=9E=E3=83=B3=E3=83=89=E3=82=92=E5=88=A9=E7=94=A8=E3=81=99=E3=82=8B=E3= =81=93=E3=81=A8=E3=81=8C=E3=81=A7=E3=81=8D=E3=81=BE=E3=81=99=E3=80=82
=E5=88=A9=E7=94=A8=E6=96=B9=E6=B3=95=E3=80=81=E5=8F=8A=E3=81=B3=E5=87=BA= =E5=8A=9B=E7=B5=90=E6=9E=9C=E3=81=AE=E4=BE=8B=E3=81=AF=E4=BB=A5=E4=B8=8B=E3= =81=AE=E9=80=9A=E3=82=8A=E3=81=A7=E3=81=99=E3=80=82
$ /opt/= shibboleth-idp/bin/aacli.sh --principal=3D"=E3=83=A6=E3=83=BC=E3=82=B6=E5= =90=8D" --requester=3D"=E5=B1=9E=E6=80=A7=E9=80=81=E5=87=BA=E3=82=92=E7=A2= =BA=E8=AA=8D=E3=81=97=E3=81=9F=E3=81=84SP=E3=81=AEentityID" { "requester": "SP=E3=81=AEentityID", "principal": "=E3=83=A6=E3=83=BC=E3=82=B6=E5=90=8D", "attributes": [ { "name": "eduPersonEntitlement", "values": [ "StringAttributeValue{value=3DXXXXXXXXXXXXXXXXXXX}" = ] }, =20 { "name": "eduPersonTargetedID", "values": [ "XMLObjectAttributeValue{value=3Dorg.opensaml.saml.saml2.core= .impl.NameIDImpl@b8728d3}" ] }, =20 { "name": "displayName", "values": [ "StringAttributeValue{value=3DXXXXXXXXXXXXXXXXXXX}" = ] }, =20 { "name": "eduPersonPrincipalName", "values": [ "ScopedStringAttributeValue{value=3D=E3=83=A6=E3=83=BC=E3=82= =B6=E5=90=8D, scope=3D***.ac.jp}" ] } =20 ] }
aacli.sh=E3=82=B3=E3=83=9E=E3=83=B3=E3=83=89=E3=81=AE=E8=A9=B3=E7=B4=B0=
=E3=81=AF --help
=E3=81=BE=E3=81=9F=E3=81=AF -h
=
=E3=82=AA=E3=83=97=E3=82=B7=E3=83=A7=E3=83=B3=E3=81=A7=E7=A2=BA=E8=AA=8D=E3=
=81=99=E3=82=8B=E3=81=8B=E3=80=81 https=
://wiki.shibboleth.net/confluence/display/IDP4/AACLI =E3=82=92=E3=81=94=
=E5=8F=82=E7=85=A7=E3=81=8F=E3=81=A0=E3=81=95=E3=81=84=E3=80=82
=E3=82=AB=E3=82=B9=E3=82=BF=E3=83=9E=E3=82=A4=E3=82=BA=E3=81=97=E3=81=9F=
NameID=E3=81=8C=E9=80=81=E4=BF=A1=E3=81=95=E3=82=8C=E3=82=8B=E3=81=93=E3=81=
=A8=E3=82=92=E7=A2=BA=E8=AA=8D=E3=81=99=E3=82=8B=E3=81=9F=E3=82=81=E3=81=AB=
=E3=81=AF=E3=80=81=E3=82=AA=E3=83=97=E3=82=B7=E3=83=A7=E3=83=B3 --sam=
l2
=E3=82=82=E3=81=97=E3=81=8F=E3=81=AF --saml1
=E3=82=
=92=E4=BB=98=E3=81=91=E3=81=A6=E5=AE=9F=E8=A1=8C=E3=81=97=E3=81=A6=E3=81=8F=
=E3=81=A0=E3=81=95=E3=81=84=E3=80=82JSON=E5=BD=A2=E5=BC=8F=E3=81=A7=E3=81=
=AA=E3=81=8FNameID=E3=82=92=E5=90=AB=E3=82=81=E3=81=9F=E5=AE=9F=E9=9A=9B=E3=
=81=AE=E3=82=A2=E3=82=B5=E3=83=BC=E3=82=B7=E3=83=A7=E3=83=B3=E3=81=AEXML=E5=
=BD=A2=E5=BC=8F=E3=81=A7=E5=87=BA=E5=8A=9B=E3=81=95=E3=82=8C=E3=82=8B=E3=82=
=88=E3=81=86=E3=81=AB=E3=81=AA=E3=82=8A=E3=81=BE=E3=81=99=E3=80=82
=E5=90=8C=E6=A7=98=E3=81=AB=E3=80=81Encoder=E3=82=92=E3=82=AB=E3=82=B9= =E3=82=BF=E3=83=9E=E3=82=A4=E3=82=BA=E3=81=97=E3=81=A6SAML 2.0=E3=81=A7=E3= =81=AE=E3=81=BF=E3=80=81=E3=82=82=E3=81=97=E3=81=8F=E3=81=AFSAML 1.1=E3=81= =AE=E3=81=BF=E3=81=A7=E5=B1=9E=E6=80=A7=E3=81=8C=E9=80=81=E4=BF=A1=E3=81=95= =E3=82=8C=E3=82=8B=E3=81=93=E3=81=A8=E3=82=92=E7=A2=BA=E8=AA=8D=E3=81=97=E3= =81=9F=E3=81=84=E5=A0=B4=E5=90=88=E3=82=82=E3=80=81=E4=B8=8A=E8=A8=98=E3=82= =AA=E3=83=97=E3=82=B7=E3=83=A7=E3=83=B3=E3=82=92=E3=81=8A=E4=BD=BF=E3=81=84= =E3=81=8F=E3=81=A0=E3=81=95=E3=81=84=E3=80=82
NameID
=E3=81=AFconf/attribute-filter.xml
=E3=81=
=AB=E8=A8=98=E8=BF=B0=E3=81=97=E3=81=AA=E3=81=8F=E3=81=A6=E3=82=82con=
f/saml-nameid.properties
=E3=81=A8conf/saml-nameid.xml
=
=E3=81=AE=E8=A8=AD=E5=AE=9A=E3=81=AB=E3=82=88=E3=82=8A=E3=80=81SP=E3=
=83=A1=E3=82=BF=E3=83=87=E3=83=BC=E3=82=BF=E3=81=AE<NameIDF=
ormat>=E3=81=AB=E5=BE=93=E3=81=A3=E3=81=A6
=E4=B8=8B=E8=A8=
=98=E3=81=AE=E9=80=9A=E3=82=8A=E9=80=81=E4=BF=A1=E3=81=97=E3=81=BE=E3=81=99=
=E3=80=82
SP=E3=83=A1=E3=82=
=BF=E3=83=87=E3=83=BC=E3=82=BF=E3=81=AE<NameIDFormat> =E3=
=81=AE=E5=80=A4 |
=E9=80=81=E4=BF=A1= =E3=81=99=E3=82=8B=E5=B1=9E=E6=80=A7 |
---|---|
urn:oasis:names:tc:SAML:2.0:nameid-format:=
transient |
transient-id |
urn:oasis:names:tc:SAML:2.0:nameid-format:=
persistent |
persistent-id |
<NameIDFormat> =E3=81=8C=E3=81=
=AA=E3=81=84 |
|
SP=E3=83=A1=E3=82=BF=E3=83=87=E3=83=BC=E3=82=BF=E3=81=AB=E8=A4=87=E6=95=
=B0=E3=81=AE<NameIDFormat>
=E3=81=8C=E3=81=82=E3=82=8B=E5=
=A0=B4=E5=90=88=E3=81=AF=E3=80=81SP=E3=83=A1=E3=82=BF=E3=83=87=E3=83=BC=E3=
=82=BF=E3=81=AE=E4=B8=A6=E3=81=B3=E9=A0=86=E3=81=A7=E9=80=81=E4=BF=A1=E5=8F=
=AF=E8=83=BD=E3=81=AA=E5=B1=9E=E6=80=A7=E3=82=92=E9=80=81=E4=BF=A1=E3=81=97=
=E3=81=BE=E3=81=99=E3=80=82persistent-id
=E3=81=AE=E8=A8=AD=E5=AE=9A=E3=82=92=E8=A1=8C=E3=81=A3=E3=
=81=A6=E3=81=84=E3=81=AA=E3=81=84=E3=81=AA=E3=81=A9=E9=80=81=E4=BF=A1=E5=8F=
=AF=E8=83=BD=E3=81=AA=E5=B1=9E=E6=80=A7=E3=81=8C=E3=81=AA=E3=81=84=E5=A0=B4=
=E5=90=88=E3=81=AF=E3=80=81//saml2:Subject/saml2:NameID
=E8=87=
=AA=E4=BD=93=E3=81=8C=E9=80=81=E4=BF=A1=E3=81=95=E3=82=8C=E3=81=BE=E3=81=9B=
=E3=82=93=E3=80=82
=E3=81=8C=E3=81=AA=E3=81=
=84SP=E3=81=AE=E5=A0=B4=E5=90=88=E3=81=A8<NameIDFormat>
<NameIDFormat>
=
=E3=81=8Curn:oasis:names:tc:SAML:2.0:nameid-format:persistent=
code>
=E3=81=AE=E5=A0=B4=E5=90=88=E3=81=AE
=E3=81=AE=E4=BE=8B=E3=82=92=E4=B8=8B=E8=A8=98=E3=
=81=AB=E7=A4=BA=E3=81=97=E3=81=BE=E3=81=99=E3=80=82//saml2:Subject=
/saml2:NameID
<NameIDFormat>
=E3=81=8C=E3=81=AA=E3=81=84SP=E3=81=
=AE=E5=A0=B4=E5=90=88
<saml= 2:Subject> <saml2:NameID Format=3D"urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier=3D"https://idp.example.ac.jp/idp/shibboleth" SPNameQualifier=3D"https://sp1.example.jp/shibboleth-sp">AAdzZWN= yZXQxgUnobM3/AN3fn8DfZPDqBp/GnKNxc5JR4nxXAxDAXZZSg0AZSrDh1Sip1fl9JGYrm2NWjl= 8zHKxHmbsgS/mFZ1ZlSYQ2U/Kz7tCQ+SDswixwLRcGg3tDvVSAY8imKSrElGWSm5gMM45D4rkeQ= ONJYr7gQZ13</saml2:NameID>
<NameIDFormat>=E3=81=8Curn:oasis:names:tc:SAML:2.0:namei=
d-format:persistent
=E3=81=AE=E5=A0=B4=E5=90=88
<saml= 2:Subject> <saml2:NameID Format=3D"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier=3D"https://idp.example.ac.jp/idp/shibboleth" SPNameQualifier=3D"https://sp2.example.jp/shibboleth-sp">oiUiApw= GnBP8pS3HZJ02ZW/aOTI=3D</saml2:NameID>
transient-id
=E3=81=AE=E3=83=87=E3=83=95=E3=82=A9=E3=83=AB=
=E3=83=88=E3=81=AFCryptoTransientId
=E3=81=AB=E5=A4=89=E6=9B=B4=
=E3=81=AB=E3=81=AA=E3=82=8A=E3=81=BE=E3=81=97=E3=81=9F=E3=80=82Crypto=
TransientId
=E3=81=AE=E4=BD=BF=E7=94=A8=E4=BE=8B=E3=82=92=E4=B8=8B=E8=
=A8=98=E3=81=AB=E7=A4=BA=E3=81=97=E3=81=BE=E3=81=99=E3=80=82
<saml= 2:Subject> <saml2:NameID Format=3D"urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier=3D"https://idp.example.ac.jp/idp/shibboleth" SPNameQualifier=3D"https://sp1.example.jp/shibboleth-sp">AAdzZWN= yZXQxgUnobM3/AN3fn8DfZPDqBp/GnKNxc5JR4nxXAxDAXZZSg0AZSrDh1Sip1fl9JGYrm2NWjl= 8zHKxHmbsgS/mFZ1ZlSYQ2U/Kz7tCQ+SDswixwLRcGg3tDvVSAY8imKSrElGWSm5gMM45D4rkeQ= ONJYr7gQZ13</saml2:NameID>
IdP 2=E7=B3=BB=E3=81=A8=E5=90=8C=E3=81=98=E7=9F=AD=E3=81=84transie=
nt-id
=E3=82=92=E4=BD=BF=E3=81=84=E3=81=9F=E3=81=84=E5=A0=B4=E5=90=88=
=E3=81=AF=E4=B8=8B=E8=A8=98=E3=81=AE=E5=A4=89=E6=9B=B4=E3=82=92=E8=A1=8C=E3=
=81=84=E3=81=BE=E3=81=99=E3=80=82
conf/saml-nameid.properties
idp.transientId.ge=
nerator
=E3=82=92=E3=82=A2=E3=83=B3=E3=82=B3=E3=83=A1=E3=83=B3=E3=83=
=88=E3=81=97=E3=81=A6=E3=80=81=E5=80=A4=E3=82=92shibboleth.StoredTran=
sientIdGenerator
=E3=81=AB=E5=A4=89=E6=9B=B4=E3=81=97=E3=81=BE=E3=81=
=99=E3=80=82
# Set t= o shibboleth.StoredTransientIdGenerator for server-side transient ID storag= e idp.transientId.generator =3D shibboleth.StoredTransientIdGenerator
# Set = to shibboleth.StoredTransientIdGenerator for server-side transient ID stora= ge -#idp.transientId.generator =3D shibboleth.CryptoTransientIdGenerator +idp.transientId.generator =3D shibboleth.StoredTransientIdGenerator
StoredTransientId
=E3=81=AE=E4=BD=BF=E7=94=A8=E4=BE=8B=E3=82=
=92=E4=B8=8B=E8=A8=98=E3=81=AB=E7=A4=BA=E3=81=97=E3=81=BE=E3=81=99=E3=80=82=
<saml= 2:Subject> <saml2:NameID Format=3D"urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier=3D"https://idp.example.ac.jp/idp/shibboleth" SPNameQualifier=3D"https://sp1.example.jp/shibboleth-sp">_f358fb= 015b9b45c7d18a4a2647e79c33</saml2:NameID>
=E9=96=A2=E9=80=A3: [Shibboleth Wiki] Disable use of internal encryption= key
computedId=E3=81=A7=E3=81=AE=E8=A8=AD=E5=AE=9A=E3=82=92=E4=B8=8B=E8=A8= =98=E3=81=AB=E7=A4=BA=E3=81=97=E3=81=BE=E3=81=99=E3=80=82
conf/saml-nameid.xml
<ref bean=3D"shibbolet=
h.SAML2PersistentGenerator" />
=E3=82=92=E3=82=A2=E3=83=B3=
=E3=82=B3=E3=83=A1=E3=83=B3=E3=83=88=E3=81=97=E3=81=A6=E6=9C=89=E5=8A=B9=E3=
=81=AB=E3=81=97=E3=81=BE=E3=81=99=E3=80=82
= <!-- Uncommenting this bean requires configuration in saml-nameid.proper= ties. --> <!-- --> <ref bean=3D"shibboleth.SAML2PersistentGenerator" /> <!-- -->
= <!-- Uncommenting this bean requires configuration in saml-nameid.prop= erties. --> - <!-- + <!-- --> <ref bean=3D"shibboleth.SAML2PersistentGenerator" /> - --> + <!-- -->
=E4=B8=80=E9=83=A8=E3=81=AESP=E3=81=AB=E3=81=A0=E3=81=91persistent-id=E3= =82=92=E9=80=81=E4=BF=A1=E3=81=97=E3=81=9F=E3=81=84=E5=A0=B4=E5=90=88=E3=80= =81=E5=BD=93=E8=A9=B2=E7=AE=87=E6=89=80=E3=82=92=E3=82=A2=E3=83=B3=E3=82=B3= =E3=83=A1=E3=83=B3=E3=83=88=E3=81=9B=E3=81=9A=E3=81=AB=E3=80=81=E4=BB=A5=E4= =B8=8B=E3=82=92=E6=8C=BF=E5=85=A5=E3=81=99=E3=82=8B=E3=81=A8=E5=AF=BE=E8=B1= =A1SP=E3=82=92=E6=8C=87=E5=AE=9A=E3=81=99=E3=82=8B=E3=81=93=E3=81=A8=E3=81= =8C=E3=81=A7=E3=81=8D=E3=81=BE=E3=81=99=E3=80=82
= <bean parent=3D"shibboleth.SAML2PersistentGenerator"> <property name=3D"activationCondition"> <bean parent=3D"shibboleth.Conditions.RelyingPartyId" c:= candidates=3D"#{{'https://test-sp1.gakunin.nii.ac.jp/shibboleth-sp', 'https= ://test-sp2.gakunin.nii.ac.jp/shibboleth-sp'}}" /> </property> </bean>
conf/saml-nameid.properties
idp.persistentId.g=
enerator
=E3=81=AE=E3=83=87=E3=83=95=E3=82=A9=E3=83=AB=E3=83=88=E3=81=
=AFComputedId
=E3=81=AE=E8=A8=AD=E5=AE=9A=E3=81=AE=E3=81=9F=E3=
=82=81=E3=80=81idp.persistentId.sourceAttribute
=E3=81=A8=
idp.persistentId.salt
=E3=81=AE=E3=81=BF=E3=82=92=E8=A8=AD=E5=AE=9A=
=E3=81=97=E3=81=BE=E3=81=99=E3=80=82idp.persistentId.salt
=E3=
=81=AB=E3=81=AF=E4=BB=96=E4=BA=BA=E3=81=8C=E6=8E=A8=E6=B8=AC=E3=81=A7=E3=81=
=8D=E3=81=AA=E3=81=84=E3=83=A9=E3=83=B3=E3=83=80=E3=83=A0=E3=81=AA=E5=80=A4=
=E3=82=92=E6=8C=87=E5=AE=9A=E3=81=97=E3=81=A6=E3=81=8F=E3=81=A0=E3=81=95=E3=
=81=84=E3=80=82=E5=8F=A4=E3=81=84IdP=E3=81=8B=E3=82=89=E8=A8=AD=E5=AE=9A=E3=
=82=92=E5=BC=95=E3=81=8D=E7=B6=99=E3=81=90=E5=A0=B4=E5=90=88=E3=81=AF=E5=90=
=8C=E3=81=98=E5=80=A4=E3=82=92=E6=8C=87=E5=AE=9A=E3=81=97=E3=81=A6=E3=81=8F=
=E3=81=A0=E3=81=95=E3=81=84=E3=80=82
# Persi= stent IDs can be computed on the fly with a hash, or managed in a database # For computed IDs, set a source attribute and a secret salt: idp.persistentId.sourceAttribute =3D uid #idp.persistentId.useUnfilteredAttributes =3D true # Do *NOT* share the salt with other people, it's like divulging your priva= te key. #idp.persistentId.algorithm =3D SHA idp.persistentId.salt =3D XXXXXXXXXXXXXXXXXXXXXXXXXXX
# Pers= istent IDs can be computed on the fly with a hash, or managed in a database # For computed IDs, set a source attribute and a secret salt: -#idp.persistentId.sourceAttribute =3D changethistosomethingreal +idp.persistentId.sourceAttribute =3D uid #idp.persistentId.useUnfilteredAttributes =3D true # Do *NOT* share the salt with other people, it's like divulging your priv= ate key. #idp.persistentId.algorithm =3D SHA -#idp.persistentId.salt =3D changethistosomethingrandom +idp.persistentId.salt =3D XXXXXXXXXXXXXXXXXXXXXXXXXXX
conf/attribute-resolver.xml
idp.persistentId.s=
ourceAttribute
=E3=81=A7=E6=8C=87=E5=AE=9A=E3=81=97=E3=81=9F=E5=B1=9E=
=E6=80=A7=E3=81=8CLDAP=E3=81=A7=E5=AE=9A=E7=BE=A9=E3=81=95=E3=82=8C=E3=81=
=A6=E3=81=84=E3=82=8B=E3=81=AE=E3=81=BF=E3=81=A7conf/attribute-resolv=
er.xml
=E3=81=AE=E5=AF=BE=E5=BF=9C=E3=81=99=E3=82=8Bresolver:At=
tributeDefinition
=E3=81=8C=E3=82=B3=E3=83=A1=E3=83=B3=E3=83=88=E3=82=
=A2=E3=82=A6=E3=83=88=E3=81=95=E3=82=8C=E3=81=A6=E3=81=84=E3=82=8B=E5=A0=B4=
=E5=90=88=E3=81=AF=E3=80=81=E5=BD=93=E8=A9=B2resolver:AttributeDefini=
tion
=E3=82=92=E3=82=A2=E3=83=B3=E3=82=B3=E3=83=A1=E3=83=B3=E3=83=88=
=E3=81=97=E3=81=BE=E3=81=99=E3=80=82=EF=BC=88=E4=BB=A5=E4=B8=8B=E3=81=AFuid
=E3=82=
=92=E6=8C=87=E5=AE=9A=E3=81=97=E3=81=9F=E5=A0=B4=E5=90=88=E3=81=AE=E4=BE=8B=
=EF=BC=89
<= !-- Schema: Core schema attributes--> <!-- --> <resolver:AttributeDefinition xsi:type=3D"ad:Simple" id=3D"uid" sour= ceAttributeID=3D"uid"> <resolver:Dependency ref=3D"myLDAP" /> <resolver:AttributeEncoder xsi:type=3D"enc:SAML1String" name=3D"= urn:mace:dir:attribute-def:uid" encodeType=3D"false" /> <resolver:AttributeEncoder xsi:type=3D"enc:SAML2String" name=3D"= urn:oid:0.9.2342.19200300.100.1.1" friendlyName=3D"uid" encodeType=3D"false= " /> </resolver:AttributeDefinition> <!--
&l= t;!-- Schema: Core schema attributes--> - <!-- + <!-- --> <resolver:AttributeDefinition xsi:type=3D"ad:Simple" id=3D"uid" sou= rceAttributeID=3D"uid"> <resolver:Dependency ref=3D"myLDAP" /> <resolver:AttributeEncoder xsi:type=3D"enc:SAML1String" name=3D= "urn:mace:dir:attribute-def:uid" encodeType=3D"false" /> <resolver:AttributeEncoder xsi:type=3D"enc:SAML2String" name=3D= "urn:oid:0.9.2342.19200300.100.1.1" friendlyName=3D"uid" encodeType=3D"fals= e" /> </resolver:AttributeDefinition> + <!--
=E4=BB=96=E3=81=AE=E7=94=A8=E9=80=94=E3=81=AB=E4=BD=BF=E7=94=A8=E3=81=97=
=E3=81=AA=E3=81=84=E5=A0=B4=E5=90=88=E3=81=AFresolver:AttributeEncode=
r
=E3=81=AE2=E8=A1=8C=E3=81=AF=E3=82=B3=E3=83=A1=E3=83=B3=E3=83=88=E3=
=82=A2=E3=82=A6=E3=83=88=E3=81=97=E3=81=A6=E3=81=8B=E3=81=BE=E3=81=84=E3=81=
=BE=E3=81=9B=E3=82=93=E3=80=82
computedId=E3=81=A7=E3=81=AE=E8=A8=AD=E5=AE=9A=E3=82=92=E4=B8=8B=E8=A8= =98=E3=81=AB=E7=A4=BA=E3=81=97=E3=81=BE=E3=81=99=E3=80=82
conf/saml-nameid.xml
<ref bean=3D"shibbolet=
h.SAML2PersistentGenerator" />
=E3=82=92=E3=82=A2=E3=83=B3=
=E3=82=B3=E3=83=A1=E3=83=B3=E3=83=88=E3=81=97=E3=81=A6=E6=9C=89=E5=8A=B9=E3=
=81=AB=E3=81=97=E3=81=BE=E3=81=99=E3=80=82
<!-- = Uncommenting this bean requires configuration in saml-nameid.properties. --= > <!-- --> <ref bean=3D"shibboleth.SAML2PersistentGenerator" /> <!-- -->
conf/saml-nameid.propertiesidp.persistentId.generator=E3=81=AE=E3=83=87=E3=83=95=E3=82=A9=E3=83=AB=E3=83=88=E3=81=AF
Comp=
utedId
=E3=81=AE=E8=A8=AD=E5=AE=9A=E3=81=AE=E3=81=9F=E3=82=81=E3=80=
=81idp.persistentId.sourceAttribute
=E3=81=A8idp.persiste=
ntId.salt
=E3=81=AE=E3=81=BF=E3=82=92=E8=A8=AD=E5=AE=9A=E3=81=97=E3=
=81=BE=E3=81=99=E3=80=82
# NOTE(review): changethistosomethingrandom is the placeholder value, not a usable salt.
# Set idp.persistentId.salt to a long, randomly generated secret before enabling persistent IDs,
# and keep this file readable only by the IdP service account.
# Set t= o shibboleth.StoredPersistentIdGenerator for db-backed storage # and uncomment/name the PersistentIdStore bean to use #idp.persistentId.generator =3D shibboleth.ComputedPersistentIdGenerator # Otherwise for computed PersistentIDs set the source attribute and salt. idp.persistentId.sourceAttribute =3D uid4persistentId idp.persistentId.salt =3D changethistosomethingrandom
conf/attribute-resolver.xml
=E3=81=A8conf/attribut=
e-filter.xml
idp.persistentId.sourceAttribute
=E3=81=
=A7=E6=8C=87=E5=AE=9A=E3=81=97=E3=81=9F=E5=B1=9E=E6=80=A7=E3=81=8CLDAP=E3=
=81=A7=E5=AE=9A=E7=BE=A9=E3=81=95=E3=82=8C=E3=81=A6=E3=81=84=E3=82=8B=E3=81=
=AE=E3=81=BF=E3=81=A7conf/attribute-resolver.xml
=E3=81=AEresolver:AttributeDefinition
=E3=81=A7=E5=AE=9A=E7=BE=A9=E3=81=95=E3=
=82=8C=E3=81=A6=E3=81=84=E3=81=AA=E3=81=84=E5=A0=B4=E5=90=88=E3=81=AF=E3=80=
=81PersistentIdGenerator
=E3=81=8B=E3=82=89=E5=8F=82=E7=85=A7=
=E3=81=A7=E3=81=8D=E3=81=BE=E3=81=9B=E3=82=93=E3=81=AE=E3=81=A7=E4=BB=A5=E4=
=B8=8B=E3=81=AE=E3=82=88=E3=81=86=E3=81=AB=E5=AE=9A=E7=BE=A9=E3=81=97=E3=80=
=81conf/attribute-filter.xml
=E3=81=A7=E9=80=81=E4=BF=A1=E8=A8=
=AD=E5=AE=9A=E3=82=92=E8=A1=8C=E3=81=84=E3=81=BE=E3=81=99=E3=80=82=E4=BB=96=
=E3=81=AE=E7=94=A8=E9=80=94=E3=81=AB=E4=BD=BF=E7=94=A8=E3=81=97=E3=81=AA=E3=
=81=84=E5=A0=B4=E5=90=88resolver:AttributeEncoder
=E3=81=AE2=E8=
=A1=8C=E3=81=AF=E4=B8=8D=E8=A6=81=E3=81=A7=E3=81=99=E3=80=82
<!-- = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --> <!-- PersistentId Definition --> <!-- =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --> <!-- Attribute Definition for %{idp.persistentId.sourceAttribute} --> <resolver:AttributeDefinition id=3D"%{idp.persistentId.sourceAttribute}"= xsi:type=3D"ad:Simple" sourceAttributeID=3D"uid"> <resolver:Dependency ref=3D"myLDAP" /> </resolver:AttributeDefinition>
<!-- NOTE(review): basic:ANY permits this attribute for every requesting SP. The attribute is the source value for persistent ID generation; if its definition is given resolver:AttributeEncoder elements for other uses, this policy would presumably release the raw value to all SPs. Confirm whether the PolicyRequirementRule can be limited to the SPs that receive a persistent ID. -->
<!-- = Release to anyone --> <afp:AttributeFilterPolicy id=3D"PolicyforAnyone"> <afp:PolicyRequirementRule xsi:type=3D"basic:ANY" /> <afp:AttributeRule attributeID=3D"%{idp.persistentId.sourceAttribute= }"> <afp:PermitValueRule xsi:type=3D"basic:ANY" /> </afp:AttributeRule> </afp:AttributeFilterPolicy>
conf/intercept/consent-intercept-config.xml
=E3=83=A6=E3=83=BC=E3=82=B6=E5=90=8C=E6=84=8F=E7=94=BB=E9=9D=A2=E3=81=AB=E3=
=81=A6%{idp.persistentId.sourceAttribute}
=E3=82=92=E8=A1=A8=E7=
=A4=BA=E3=81=97=E3=81=AA=E3=81=84=E3=82=88=E3=81=86=E3=81=AB=E3=80=81util:l=
ist[@id=3D"shibboleth.consent.attribute-release.BlacklistedAttributeIDs"]=
=E3=81=AB%{idp.persistentId.sourceAttribute}
=E3=82=92=E8=BF=BD=
=E5=8A=A0=E3=81=97=E3=81=BE=E3=81=99=E3=80=82
<util= :list id=3D"shibboleth.consent.attribute-release.BlacklistedAttributeIDs"&g= t; <value>transientId</value> <value>persistentId</value> <value>eduPersonTargetedID</value> <value>%{idp.persistentId.sourceAttribute}</value> </util:list>
storedId=E3=81=A7=E3=81=AE=E8=A8=AD=E5=AE=9A=E3=82=92=E4=B8=8B=E8=A8=98= =E3=81=AB=E7=A4=BA=E3=81=97=E3=81=BE=E3=81=99=E3=80=82
MySQL=E4=B8=8A=E3=81=AB=E3=83=87=E3=83=BC=E3=82=BF=E3=83=99=E3=83=BC=E3=
=82=B9 shibboleth
=E3=81=8C=E5=AD=98=E5=9C=A8=E3=81=99=E3=82=
=8B=E3=81=93=E3=81=A8=E3=82=92=E5=89=8D=E6=8F=90=E3=81=A8=E3=81=97=E3=81=A6=
=E3=81=8A=E3=82=8A=E3=81=BE=E3=81=99=E3=80=82=E3=81=BE=E3=81=9F=E3=80=81MyS=
QL Connector/J (mysql-connector-java-5.1.xx-bin.jar)=E3=82=92=E3=82=A4=E3=
=83=B3=E3=82=B9=E3=83=88=E3=83=BC=E3=83=AB=E3=81=97=E3=81=A6=E3=81=8A=E3=81=
=84=E3=81=A6=E3=81=8F=E3=81=A0=E3=81=95=E3=81=84=E3=80=82
conf/saml-nameid.xml
<ref bean=3D"shibbolet=
h.SAML2PersistentGenerator" />
=E3=82=92=E3=82=A2=E3=83=B3=
=E3=82=B3=E3=83=A1=E3=83=B3=E3=83=88=E3=81=97=E3=81=A6=E6=9C=89=E5=8A=B9=E3=
=81=AB=E3=81=97=E3=81=BE=E3=81=99=E3=80=82
= <!-- Uncommenting this bean requires configuration in saml-nameid.proper= ties. --> <!-- --> <ref bean=3D"shibboleth.SAML2PersistentGenerator" /> <!-- -->
= <!-- Uncommenting this bean requires configuration in saml-nameid.prop= erties. --> - <!-- + <!-- --> <ref bean=3D"shibboleth.SAML2PersistentGenerator" /> - --> + <!-- -->
=E4=B8=80=E9=83=A8=E3=81=AESP=E3=81=AB=E3=81=A0=E3=81=91persistent-id=E3= =82=92=E9=80=81=E4=BF=A1=E3=81=97=E3=81=9F=E3=81=84=E5=A0=B4=E5=90=88=E3=80= =81=E5=BD=93=E8=A9=B2=E7=AE=87=E6=89=80=E3=82=92=E3=82=A2=E3=83=B3=E3=82=B3= =E3=83=A1=E3=83=B3=E3=83=88=E3=81=9B=E3=81=9A=E3=81=AB=E3=80=81=E4=BB=A5=E4= =B8=8B=E3=82=92=E6=8C=BF=E5=85=A5=E3=81=99=E3=82=8B=E3=81=A8=E5=AF=BE=E8=B1= =A1SP=E3=82=92=E6=8C=87=E5=AE=9A=E3=81=99=E3=82=8B=E3=81=93=E3=81=A8=E3=81= =8C=E3=81=A7=E3=81=8D=E3=81=BE=E3=81=99=E3=80=82
= <bean parent=3D"shibboleth.SAML2PersistentGenerator"> <property name=3D"activationCondition"> <bean parent=3D"shibboleth.Conditions.RelyingPartyId" c:= candidates=3D"#{{'https://test-sp1.gakunin.nii.ac.jp/shibboleth-sp', 'https= ://test-sp2.gakunin.nii.ac.jp/shibboleth-sp'}}" /> </property> </bean>
conf/saml-nameid.properties
idp.persistentId.s=
ourceAttribute,
idp.persistentId.salt, =
idp.persistentId.generator=E3=81=A8idp.persistentId.store
=E3=82=92=
=E8=A8=AD=E5=AE=9A=E3=81=97=E3=81=BE=E3=81=99=E3=80=82idp.persistentI=
d.salt
=E3=81=AB=E3=81=AF=E4=BB=96=E4=BA=BA=E3=81=8C=E6=8E=A8=E6=B8=
=AC=E3=81=A7=E3=81=8D=E3=81=AA=E3=81=84=E3=83=A9=E3=83=B3=E3=83=80=E3=83=A0=
=E3=81=AA=E5=80=A4=E3=82=92=E6=8C=87=E5=AE=9A=E3=81=97=E3=81=A6=E3=81=8F=E3=
=81=A0=E3=81=95=E3=81=84=E3=80=82=E5=8F=A4=E3=81=84IdP=E3=81=8B=E3=82=89=E8=
=A8=AD=E5=AE=9A=E3=82=92=E5=BC=95=E3=81=8D=E7=B6=99=E3=81=90=E5=A0=B4=E5=90=
=88=E3=81=AF=E5=90=8C=E3=81=98=E5=80=A4=E3=82=92=E6=8C=87=E5=AE=9A=E3=81=97=
=E3=81=A6=E3=81=8F=E3=81=A0=E3=81=95=E3=81=84=E3=80=82
# Persi= stent IDs can be computed on the fly with a hash, or managed in a database # For computed IDs, set a source attribute and a secret salt: idp.persistentId.sourceAttribute =3D uid #idp.persistentId.useUnfilteredAttributes =3D true # Do *NOT* share the salt with other people, it's like divulging your priva= te key. #idp.persistentId.algorithm =3D SHA idp.persistentId.salt =3D XXXXXXXXXXXXXXXXXXXXXXXXXXX # To use a database, use shibboleth.StoredPersistentIdGenerator idp.persistentId.generator =3D shibboleth.StoredPersistentIdGenerator # For basic use, set this to a JDBC DataSource bean name: idp.persistentId.dataSource =3D MyDataSource # For advanced use, set to a bean inherited from shibboleth.JDBCPersistentI= dStore #idp.persistentId.store =3D MyPersistentIdStore # Set to an empty property to skip hash-based generation of first stored ID #idp.persistentId.computed =3D shibboleth.ComputedPersistentIdGenerator
# Pers= istent IDs can be computed on the fly with a hash, or managed in a database # For computed IDs, set a source attribute and a secret salt: -#idp.persistentId.sourceAttribute =3D changethistosomethingreal +idp.persistentId.sourceAttribute =3D uid #idp.persistentId.useUnfilteredAttributes =3D true # Do *NOT* share the salt with other people, it's like divulging your priv= ate key. #idp.persistentId.algorithm =3D SHA -#idp.persistentId.salt =3D changethistosomethingrandom +idp.persistentId.salt =3D XXXXXXXXXXXXXXXXXXXXXXXXXXX # To use a database, use shibboleth.StoredPersistentIdGenerator -#idp.persistentId.generator =3D shibboleth.ComputedPersistentIdGenerator +idp.persistentId.generator =3D shibboleth.StoredPersistentIdGenerator # For basic use, set this to a JDBC DataSource bean name: -#idp.persistentId.dataSource =3D PersistentIdDataSource +idp.persistentId.dataSource =3D MyDataSource # For advanced use, set to a bean inherited from shibboleth.JDBCPersistent= IdStore #idp.persistentId.store =3D MyPersistentIdStore # Set to an empty property to skip hash-based generation of first stored I= D #idp.persistentId.computed =3D shibboleth.ComputedPersistentIdGenerator
conf/attribute-resolver.xml
idp.persistentId.s=
ourceAttribute
=E3=81=A7=E6=8C=87=E5=AE=9A=E3=81=97=E3=81=9F=E5=B1=9E=
=E6=80=A7=E3=81=8CLDAP=E3=81=A7=E5=AE=9A=E7=BE=A9=E3=81=95=E3=82=8C=E3=81=
=A6=E3=81=84=E3=82=8B=E3=81=AE=E3=81=BF=E3=81=A7conf/attribute-resolv=
er.xml
=E3=81=AE=E5=AF=BE=E5=BF=9C=E3=81=99=E3=82=8Bresolver:At=
tributeDefinition
=E3=81=8C=E3=82=B3=E3=83=A1=E3=83=B3=E3=83=88=E3=82=
=A2=E3=82=A6=E3=83=88=E3=81=95=E3=82=8C=E3=81=A6=E3=81=84=E3=82=8B=E5=A0=B4=
=E5=90=88=E3=80=81=E5=BD=93=E8=A9=B2resolver:AttributeDefinition=E3=82=92=E3=82=A2=E3=83=B3=E3=82=B3=E3=83=A1=E3=83=B3=E3=83=88=E3=81=97=
=E3=81=BE=E3=81=99=E3=80=82=EF=BC=88=E4=BB=A5=E4=B8=8B=E3=81=AF
source=
Attribute
=E3=81=A8=E3=81=97=E3=81=A6uid
=E3=82=92=E6=8C=
=87=E5=AE=9A=E3=81=97=E3=81=9F=E5=A0=B4=E5=90=88=E3=81=AE=E4=BE=8B=EF=BC=89=
<= !-- Schema: Core schema attributes--> <!-- --> <resolver:AttributeDefinition xsi:type=3D"ad:Simple" id=3D"uid" sour= ceAttributeID=3D"uid"> <resolver:Dependency ref=3D"myLDAP" /> <resolver:AttributeEncoder xsi:type=3D"enc:SAML1String" name=3D"= urn:mace:dir:attribute-def:uid" encodeType=3D"false" /> <resolver:AttributeEncoder xsi:type=3D"enc:SAML2String" name=3D"= urn:oid:0.9.2342.19200300.100.1.1" friendlyName=3D"uid" encodeType=3D"false= " /> </resolver:AttributeDefinition> <!--
&l= t;!-- Schema: Core schema attributes--> - <!-- + <!-- --> <resolver:AttributeDefinition xsi:type=3D"ad:Simple" id=3D"uid" sou= rceAttributeID=3D"uid"> <resolver:Dependency ref=3D"myLDAP" /> <resolver:AttributeEncoder xsi:type=3D"enc:SAML1String" name=3D= "urn:mace:dir:attribute-def:uid" encodeType=3D"false" /> <resolver:AttributeEncoder xsi:type=3D"enc:SAML2String" name=3D= "urn:oid:0.9.2342.19200300.100.1.1" friendlyName=3D"uid" encodeType=3D"fals= e" /> </resolver:AttributeDefinition> + <!--
=E4=BB=96=E3=81=AE=E7=94=A8=E9=80=94=E3=81=AB=E4=BD=BF=E7=94=A8=E3=81=97=
=E3=81=AA=E3=81=84=E5=A0=B4=E5=90=88=E3=81=AFresolver:AttributeEncode=
r
=E3=81=AE2=E8=A1=8C=E3=81=AF=E3=82=B3=E3=83=A1=E3=83=B3=E3=83=88=E3=
=82=A2=E3=82=A6=E3=83=88=E3=81=97=E3=81=A6=E3=81=8B=E3=81=BE=E3=81=84=E3=81=
=BE=E3=81=9B=E3=82=93=E3=80=82
shibpid=E3=83=86=E3=83=BC=E3=83=96=E3=83=AB=E3=81=AE=E4=BD=9C=E6=88=
=90
shibpid=E3=83=86=E3=83=BC=E3=83=96=E3=83=AB=E3=82=92=E4=BD=9C=E6=88=90=E3=
=81=97=E3=81=BE=E3=81=99=E3=80=82
CREATE T= ABLE shibpid ( localEntity VARCHAR(255) NOT NULL, peerEntity VARCHAR(255) NOT NULL, persistentId VARCHAR(50) NOT NULL, principalName VARCHAR(50) NOT NULL, localId VARCHAR(50) NOT NULL, peerProvidedId VARCHAR(50) NULL, creationDate TIMESTAMP NOT NULL, deactivationDate TIMESTAMP NULL, PRIMARY KEY (localEntity, peerEntity, persistentId) ) ENGINE=3DInnoDB DEFAULT CHARSET=3Dutf8;
conf/global.xml
conf/global.xml
=E3=81=
=A7bean MyDataSource
=E3=82=92=E5=AE=9A=E7=BE=A9=E3=81=97=
=E3=81=BE=E3=81=99=E3=80=82=E3=83=A6=E3=83=BC=E3=82=B6=E5=90=8C=E6=84=
=8F=E3=81=AE=E6=83=85=E5=A0=B1=E3=82=92MySQL=E3=81=AB=E4=BF=9D=E5=AD=98=E3=
=81=99=E3=82=8B=E8=A8=AD=E5=AE=9A=E3=82=82=E3=81=97=E3=81=8F=E3=81=AFuApproveJP=E7=AD=89=E3=81=A7=E8=A8=AD=E5=AE=9A=E6=B8=88=E3=81=BF=E3=81=AE=E5=A0=B4=
=E5=90=88=E3=80=81=E9=87=8D=E8=A4=87=E3=81=A8=E3=81=AA=E3=82=8B=E3=81=9F=E3=
=82=81=E3=81=93=E3=81=AE=E5=AE=9A=E7=BE=A9=E3=81=AF=E4=B8=8D=E8=A6=81=E3=81=
=A7=E3=81=99=E3=80=82
<!-- NOTE(review): p:username and p:password below are sample values. The real database account is stored in this file in clear text, so keep conf/global.xml readable only by the IdP service account and give that MySQL account access to the shibboleth database only. -->
<= !-- Use this file to define any custom beans needed globally. --> <!-- A DataSource bean suitable for use in the idp.persistentId.data= Source property. --> <bean id=3D"MyDataSource" class=3D"org.apache.commons.dbcp2.BasicDataSource" p:driverClassName=3D"com.mysql.jdbc.Driver" p:url=3D"jdbc:mysql://localhost:3306/shibboleth" p:username=3D"username" p:password=3D"password" p:maxTotal=3D"10" p:maxIdle=3D"5" p:maxWaitMillis=3D"15000" p:testOnBorrow=3D"true" p:validationQuery=3D"select 1" p:validationQueryTimeout=3D"5" />
&l= t;!-- Use this file to define any custom beans needed globally. --> =20 + <!-- A DataSource bean suitable for use in the idp.persistentId.dat= aSource property. --> + <bean id=3D"MyDataSource" + class=3D"org.apache.commons.dbcp2.BasicDataSource" + p:driverClassName=3D"com.mysql.jdbc.Driver" + p:url=3D"jdbc:mysql://localhost:3306/shibboleth" + p:username=3D"username" + p:password=3D"password" + p:maxTotal=3D"10" + p:maxIdle=3D"5" + p:maxWaitMillis=3D"15000" + p:testOnBorrow=3D"true" + p:validationQuery=3D"select 1" + p:validationQueryTimeout=3D"5" />
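Review bot: The added `MyDataSource` bean carries the database account inline (`p:username="username"`, `p:password="password"`), so a real deployment ends up with the JDBC password in clear text in conf/global.xml, a general-purpose bean file. The page already resolves secrets through properties elsewhere (`salt="%{idp.persistentId.salt}"`); the same pattern could be used here, for example `p:password="%{mydatasource.password}"` (property name constructed for illustration), with the property kept in a file readable only by the IdP service account. The MySQL account itself should be limited to the `shibboleth` database named in `p:url`.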
conf/saml-nameid.xml
<ref bean=3D"shibbolet=
h.SAML2PersistentGenerator" />
=E3=82=92=E3=82=A2=E3=83=B3=E3=82=
=B3=E3=83=A1=E3=83=B3=E3=83=88=E3=81=97=E3=81=A6=E6=9C=89=E5=8A=B9=E3=81=AB=
=E3=81=97=E3=81=BE=E3=81=99=E3=80=82
<!-- = Uncommenting this bean requires configuration in saml-nameid.properties. --= > <!-- --> <ref bean=3D"shibboleth.SAML2PersistentGenerator" /> <!-- -->
conf/saml-nameid.properties
idp.persistentId.g=
enerator,
idp.persistentId.store, idp.persistentId.sourceA=
ttribute=E3=81=A8idp.persistentId.salt=E3=82=92=E8=A8=AD=E5=AE=9A=E3=81=97=
=E3=81=BE=E3=81=99=E3=80=82
# NOTE(review): changethistosomethingrandom is the placeholder value, not a usable salt.
# Set idp.persistentId.salt to a long, randomly generated secret before enabling persistent IDs,
# and keep this file readable only by the IdP service account.
# Set to= shibboleth.StoredPersistentIdGenerator for db-backed storage # and uncomment/name the PersistentIdStore bean to use idp.persistentId.generator =3D shibboleth.StoredPersistentIdGenerator idp.persistentId.store =3D PersistentIdStore # Set this to null to skip hash-based generation of first stored ID #idp.persistentId.computed =3D shibboleth.ComputedPersistentIdGenerator # Otherwise for computed PersistentIDs set the source attribute and salt. idp.persistentId.sourceAttribute =3D uid4persistentId idp.persistentId.salt =3D changethistosomethingrandom
conf/global.xml
idp.persistentId.store
=
=E3=81=AE=E5=80=A4=E3=82=92conf/global.xml
=E3=81=A7=E5=AE=9A=
=E7=BE=A9=E3=81=97=E3=81=BE=E3=81=99=E3=80=82
<!-- NOTE(review): p:username and p:password below are sample values. The real database account is stored in this file in clear text, so keep conf/global.xml readable only by the IdP service account and give that MySQL account access to the shibboleth database only. The PersistentIdStore bean reaches the database through this MyDataSource bean. -->
<!-- = Use this file to define any custom beans needed globally. --> <bean id=3D"MyDataSource" class=3D"org.apache.tomcat.dbcp.dbcp.BasicDataSource" p:driverClassName=3D"com.mysql.jdbc.Driver" p:url=3D"jdbc:mysql://localhost:3306/shibboleth" p:username=3D"username" p:password=3D"password" p:maxActive=3D"10" p:maxIdle=3D"5" p:maxWait=3D"15000" p:testOnBorrow=3D"true" p:validationQuery=3D"select 1" p:validationQueryTimeout=3D"5" /> <bean id=3D"PersistentIdStore" class=3D"net.shibboleth.idp.saml.nameid.impl.JDBCPersistentIdStore" p:dataSource-ref=3D"MyDataSource" />
<!-- NOTE(review): p:username and p:password below are sample values. The real database account is stored in this file in clear text, so keep conf/global.xml readable only by the IdP service account and give that MySQL account access to the shibboleth database only. The PersistentIdStore bean reaches the database through this MyDataSource bean. -->
<!-- = Use this file to define any custom beans needed globally. --> <bean id=3D"MyDataSource" class=3D"org.apache.tomcat.dbcp.dbcp2.BasicDataSource" p:driverClassName=3D"com.mysql.jdbc.Driver" p:url=3D"jdbc:mysql://localhost:3306/shibboleth" p:username=3D"username" p:password=3D"password" p:maxIdle=3D"5" p:maxTotal=3D"10" p:maxWaitMillis=3D"15000" p:testOnBorrow=3D"true" p:validationQuery=3D"select 1" p:validationQueryTimeout=3D"5" /> <bean id=3D"PersistentIdStore" class=3D"net.shibboleth.idp.saml.nameid.impl.JDBCPersistentIdStore" p:dataSource-ref=3D"MyDataSource" />
Tomcat 8=E4=BB=98=E5=B1=9E=E3=81=AEDBCP2=E3=81=8B=E3=82=89=E3=80=81p:maxActive
=E3=81=AFp:maxTotal
=E3=81=AB=E3=80=81=
p:maxWait
=E3=81=AFp:maxWaitMillis
=E3=81=AB=E5=A4=89=E6=
=9B=B4=E3=81=AB=E3=81=AA=E3=82=8A=E3=81=BE=E3=81=97=E3=81=9F=E3=80=82
conf/attribute-resolver.xml=E3=81=A8conf/attribute-filter.xml<=
/code>
idp.persistentId.sourceAttribute
=E3=81=A7=E6=8C=87=
=E5=AE=9A=E3=81=97=E3=81=9F=E5=B1=9E=E6=80=A7=E3=81=8CLDAP=E3=81=A7=E5=AE=
=9A=E7=BE=A9=E3=81=95=E3=82=8C=E3=81=A6=E3=81=84=E3=82=8B=E3=81=AE=E3=81=BF=
=E3=81=A7conf/attribute-resolver.xml=E3=81=AEresolver:AttributeDefini=
tion
=E3=81=A7=E5=AE=9A=E7=BE=A9=E3=81=95=E3=82=8C=E3=81=A6=E3=81=84=
=E3=81=AA=E3=81=84=E5=A0=B4=E5=90=88=E3=81=AF=E3=80=81PersistentIdGen=
erator
=E3=81=8B=E3=82=89=E5=8F=82=E7=85=A7=E3=81=A7=E3=81=8D=E3=81=
=BE=E3=81=9B=E3=82=93=E3=81=AE=E3=81=A7=E4=BB=A5=E4=B8=8B=E3=81=AE=E3=82=88=
=E3=81=86=E3=81=AB=E5=AE=9A=E7=BE=A9=E3=81=97=E3=80=81conf/attribute-=
filter.xml
=E3=81=A7=E9=80=81=E4=BF=A1=E8=A8=AD=E5=AE=9A=E3=82=92=E8=
=A1=8C=E3=81=84=E3=81=BE=E3=81=99=E3=80=82=E4=BB=96=E3=81=AE=E7=94=A8=E9=80=
=94=E3=81=AB=E4=BD=BF=E7=94=A8=E3=81=97=E3=81=AA=E3=81=84=E5=A0=B4=E5=90=88=
resolver:AttributeEncoder
=E3=81=AE2=E8=A1=8C=E3=81=AF=E4=B8=8D=
=E8=A6=81=E3=81=A7=E3=81=99=E3=80=82
<!-- = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --> <!-- PersistentId Definition --> <!-- =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --> <!-- Attribute Definition for %{idp.persistentId.sourceAttribute} --> <resolver:AttributeDefinition id=3D"%{idp.persistentId.sourceAttribute}"= xsi:type=3D"ad:Simple" sourceAttributeID=3D"uid"> <resolver:Dependency ref=3D"myLDAP" /> </resolver:AttributeDefinition>
<!-- NOTE(review): basic:ANY permits this attribute for every requesting SP. The attribute is the source value for persistent ID generation; if its definition is given resolver:AttributeEncoder elements for other uses, this policy would presumably release the raw value to all SPs. Confirm whether the PolicyRequirementRule can be limited to the SPs that receive a persistent ID. -->
<!-- = Release to anyone --> <afp:AttributeFilterPolicy id=3D"PolicyforAnyone"> <afp:PolicyRequirementRule xsi:type=3D"basic:ANY" /> <afp:AttributeRule attributeID=3D"%{idp.persistentId.sourceAttribute= }"> <afp:PermitValueRule xsi:type=3D"basic:ANY" /> </afp:AttributeRule> </afp:AttributeFilterPolicy>
conf/intercept/consent-intercept-config.xml
ユーザ同意画面にて%{idp.persistentId.sourceAttribute}を表示しないように、util:list[@id="shibboleth.consent.attribute-release.BlacklistedAttributeIDs"]に%{idp.persistentId.sourceAttribute}を追加します。
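<!--
    Attribute IDs listed here are left off the user consent screen.
    The last <value> is the entry added for the persistent-ID source attribute.

    This list only controls what the consent page displays. Whether an
    attribute is actually released to an SP is decided by
    conf/attribute-filter.xml, so hiding an ID here does not restrict release.
-->
<util:list id="shibboleth.consent.attribute-release.BlacklistedAttributeIDs">
    <value>transientId</value>
    <value>persistentId</value>
    <value>eduPersonTargetedID</value>
    <value>%{idp.persistentId.sourceAttribute}</value>
</util:list>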
NameID
=E3=81=A8=E3=81=AF=
=E5=88=A5=E3=81=AB//saml2:AttributeStatement/saml2:Attribute
=
span>[@FriendlyNam=
e=3D"eduPersonTargetedID"]
=
=E3=81=A8=E3=81=97=E3=81=A6eduPersonTargetedID
=E5=B1=9E=E6=80=A7=E3=82=92=E9=80=81=E4=BF=A1=E3=
=81=99=E3=82=8B=E8=A8=AD=E5=AE=9A=E3=81=AF=E4=B8=8B=E8=A8=98=E3=81=AE=E9=80=
=9A=E3=82=8A=E3=81=A7=E3=81=99=E3=80=82
computedId=E3=81=A7=E3=81=AE=E8=A8=AD=E5=AE=9A=E3=82=92=E4=B8=8B=E8=A8=
=98=E3=81=AB=E7=A4=BA=E3=81=97=E3=81=BE=E3=81=99=E3=80=82persistent-id=E3=81=AE=E8=A8=AD=
=E5=AE=9A=E3=82=92=E3=81=82=E3=82=89=E3=81=8B=E3=81=98=E3=82=81=E5=AE=
=9F=E8=A1=8C=E3=81=97=E3=81=A6=E3=81=8A=E3=81=8F=E3=81=93=E3=81=A8=E3=81=8C=
=E5=89=8D=E6=8F=90=E3=81=A7=E3=80=81=E5=AE=9A=E7=BE=A9=E3=81=95=E3=82=8C=E3=
=81=9Fconf/saml-nameid.properties=E3=81=AE
=E3=83=97=E3=83=AD=
=E3=83=91=E3=83=86=E3=82=A3=E3=82=92=E5=8F=82=E7=85=A7=E3=81=97=E3=81=A6=E3=
=81=84=E3=81=BE=E3=81=99=E3=80=82
conf/attribute-resolver.xml
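<!-- ========================================== -->
<!--      Attribute Definitions                 -->
<!-- ========================================== -->

<!-- Schema: eduPerson attributes -->

<!-- Attribute Definition for eduPersonTargetedID -->
<!--
    Wraps the value produced by the "computedID" connector below in a SAML 2
    persistent NameID and encodes it as the eduPersonTargetedID attribute
    (urn:oid:1.3.6.1.4.1.5923.1.1.1.10) for both SAML 1 and SAML 2.
-->
<resolver:AttributeDefinition id="eduPersonTargetedID" xsi:type="SAML2NameID" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
    nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    sourceAttributeID="computedID">
    <resolver:Dependency ref="computedID" />

    <resolver:AttributeEncoder xsi:type="SAML1XMLObject" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
        name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" />

    <resolver:AttributeEncoder xsi:type="SAML2XMLObject" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
        name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" />
</resolver:AttributeDefinition>

<!-- ========================================== -->
<!--      Data Connectors                       -->
<!-- ========================================== -->

<!-- Computed targeted ID connector -->
<!--
    The source attribute and the salt are both taken from properties
    (conf/saml-nameid.properties, per the accompanying text) rather than
    written into this file. The salt is described there as a secret; keep
    that properties file readable only by the IdP service account.
    NOTE(review): changing the salt or the source attribute is expected to
    change every computed ID already seen by SPs; confirm before editing.
-->
<resolver:DataConnector xsi:type="ComputedId" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
    id="computedID"
    generatedAttributeID="computedID"
    sourceAttributeID="%{idp.persistentId.sourceAttribute}"
    salt="%{idp.persistentId.salt}">
    <resolver:Dependency ref="%{idp.persistentId.sourceAttribute}" />
</resolver:DataConnector>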
conf/attribute-filter.xml
=E3=81=AE=E4=BE=8B
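<!-- Release to sp.example.jp -->
<!--
    Releases eduPersonTargetedID (any value) only when the requester's
    entityID equals the string in the PolicyRequirementRule. Replace the
    example entityID with the real SP; add one policy (or one requirement
    rule) per SP instead of widening this to basic:ANY.
-->
<afp:AttributeFilterPolicy id="PolicyforSP1ExampleJP">
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://sp.example.jp/shibboleth-sp" />

    <afp:AttributeRule attributeID="eduPersonTargetedID">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>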
storedId=E3=81=A7=E3=81=AE=E8=A8=AD=E5=AE=9A=E3=82=92=E4=B8=8B=E8=
=A8=98=E3=81=AB=E7=A4=BA=E3=81=97=E3=81=BE=E3=81=99=E3=80=82persistent-id=E3=81=AE=E8=
=A8=AD=E5=AE=9A=E3=82=92=E3=81=82=E3=82=89=E3=81=8B=E3=81=98=E3=82=81=
=E5=AE=9F=E8=A1=8C=E3=81=97=E3=81=A6=E3=81=8A=E3=81=8F=E3=81=93=E3=81=A8=E3=
=81=8C=E5=89=8D=E6=8F=90=E3=81=A7=E3=80=81=E5=AE=9A=E7=BE=A9=E3=81=95=E3=82=
=8C=E3=81=9Fconf/global.xml
=E3=81=AEbean MyDataSource=E3=81=A8
conf/saml-nameid.properties=E3=81=AE=E3=83=97
=E3=
=83=AD=E3=83=91=E3=83=86=E3=82=A3=E3=82=92=E5=8F=82=E7=85=A7=E3=81=97=E3=81=
=BE=E3=81=99=E3=80=82
conf/attribute-resolver.xml
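<!-- ========================================== -->
<!--      Attribute Definitions                 -->
<!-- ========================================== -->

<!-- Schema: eduPerson attributes -->

<!-- Attribute Definition for eduPersonTargetedID -->
<!--
    Wraps the value produced by the "storedID" connector below in a SAML 2
    persistent NameID and encodes it as the eduPersonTargetedID attribute
    (urn:oid:1.3.6.1.4.1.5923.1.1.1.10) for both SAML 1 and SAML 2.
-->
<resolver:AttributeDefinition id="eduPersonTargetedID" xsi:type="SAML2NameID" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
    nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    sourceAttributeID="storedID">
    <resolver:Dependency ref="storedID" />

    <resolver:AttributeEncoder xsi:type="SAML1XMLObject" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
        name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" />

    <resolver:AttributeEncoder xsi:type="SAML2XMLObject" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
        name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" />
</resolver:AttributeDefinition>

<!-- ========================================== -->
<!--      Data Connectors                       -->
<!-- ========================================== -->

<!-- Stored targeted ID connector -->
<!--
    Same inputs as the computed variant (source attribute and salt come from
    properties), plus a database connection: BeanManagedConnection names the
    MyDataSource bean, which the accompanying text says is defined in
    conf/global.xml. The database credentials therefore live with that bean,
    not in this file.
-->
<resolver:DataConnector xsi:type="StoredId" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
    id="storedID"
    generatedAttributeID="storedID"
    sourceAttributeID="%{idp.persistentId.sourceAttribute}"
    salt="%{idp.persistentId.salt}">
    <resolver:Dependency ref="%{idp.persistentId.sourceAttribute}" />
    <BeanManagedConnection>MyDataSource</BeanManagedConnection>
</resolver:DataConnector>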
conf/attribute-filter.xml
=E3=81=AE=E4=BE=8B
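<!-- Release to sp.example.jp -->
<!--
    Releases eduPersonTargetedID (any value) only to the requester whose
    entityID matches the PolicyRequirementRule value. Replace the example
    entityID with the real SP.
-->
<afp:AttributeFilterPolicy id="PolicyforSP1ExampleJP">
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://sp.example.jp/shibboleth-sp" />

    <afp:AttributeRule attributeID="eduPersonTargetedID">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>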
eduPersonTargetedID(ePTID)=E3=82=92=E7=94=9F=E6=88=90=E3=81=99=E3=82=8B= =E3=81=A8=E3=81=8D=E3=81=AB=E3=81=AFLDAP=E4=B8=8A=E3=81=AE=E5=B1=9E=E6=80= =A7=E3=81=A8=E3=81=97=E3=81=A6uid=E3=82=92=E4=BB=A3=E8=A1=A8=E3=81=A8=E3=81= =97=E3=81=9F=E5=B1=9E=E6=80=A7=E5=80=A4=E3=81=8C=E5=88=A9=E7=94=A8=E3=81=95= =E3=82=8C=E3=81=BE=E3=81=99=E3=81=8C=E3=80=81=E3=81=93=E3=82=8C=E3=82=89=E3= =81=AE=E5=B1=9E=E6=80=A7=E5=80=A4=E3=81=A7=E3=81=AF=E5=86=8D=E5=89=B2=E3=82= =8A=E5=BD=93=E3=81=A6=E3=81=AE=E5=95=8F=E9=A1=8C=E3=81=8C=E3=81=82=E3=82=8A= =E3=81=BE=E3=81=99=E3=80=82
=E4=BE=8B=E3=81=88=E3=81=B0uid=E3=81=A8=E3=81=97=E3=81=A6 test001 =E3=82= =92=E4=BD=BF=E3=81=A3=E3=81=A6=E3=81=84=E3=81=9F=E4=BA=BA=E3=81=8C=E7=95=B0= =E5=8B=95=E3=81=AB=E3=81=AA=E3=82=8A=E3=80=81=E3=81=95=E3=82=89=E3=81=AB=E5= =B9=B4=E6=9C=88=E3=81=8C=E7=B5=8C=E3=81=A3=E3=81=A6=E5=90=8C=E3=81=98uid=E3= =82=92=E4=BD=BF=E3=81=84=E3=81=9F=E3=81=84=E3=81=A8=E3=81=84=E3=81=86=E4=BA= =BA=E3=81=8C=E7=8F=BE=E3=82=8F=E3=82=8C=E3=81=9F=E5=A0=B4=E5=90=88=E3=81=AB= =E3=81=AF=E3=81=9D=E3=81=AE=E3=81=BE=E3=81=BE=E5=89=B2=E3=82=8A=E5=BD=93=E3= =81=A6=E3=81=A6=E3=81=97=E3=81=BE=E3=81=86=E3=81=93=E3=81=A8=E3=81=AF=E3=81= =A7=E3=81=8D=E3=81=BE=E3=81=9B=E3=82=93=E3=80=82=E3=81=93=E3=82=8C=E3=81=AF= SP =E5=81=B4=E3=81=A7 uid=3Dtest001 =E3=81=A8=E3=81=84=E3=81=86=E5=B1=9E=E6= =80=A7=E5=80=A4=E3=82=92=E5=9F=BA=E3=81=AB=E7=94=9F=E6=88=90=E3=81=95=E3=82= =8C=E3=81=9FePTID=E3=81=A7=E5=80=8B=E4=BA=BA=E3=82=92=E8=AD=98=E5=88=A5=E3= =81=97=E3=81=A6=E3=81=84=E3=81=9F=E5=A0=B4=E5=90=88=E3=81=AB=E3=80=81=E5=86= =8D=E5=89=B2=E3=82=8A=E5=BD=93=E3=81=A6=E5=89=8D=E3=81=AE=E4=BA=BA=E7=89=A9= =E3=81=A8=E3=80=81=E5=86=8D=E5=89=B2=E3=82=8A=E5=BD=93=E3=81=A6=E5=BE=8C=E3= =81=AE=E4=BA=BA=E7=89=A9=E3=82=92=E5=8C=BA=E5=88=A5=E3=81=A7=E3=81=8D=E3=81= =9A=E5=90=8C=E4=B8=80=E4=BA=BA=E7=89=A9=E3=81=A8=E3=81=BF=E3=81=AA=E3=81=97= =E3=81=A6=E5=86=8D=E5=89=B2=E3=82=8A=E5=BD=93=E3=81=A6=E5=89=8D=E3=81=AE=E3= =82=A2=E3=82=AB=E3=82=A6=E3=83=B3=E3=83=88=E3=81=AE=E6=83=85=E5=A0=B1=E3=82= =92=E5=88=A9=E7=94=A8=E3=81=97=E3=81=A6=E3=81=97=E3=81=BE=E3=81=86=E3=81=93= =E3=81=A8=EF=BC=88=E5=BD=93=E4=BA=BA=E3=81=8C=E6=84=8F=E5=9B=B3=E3=81=97=E3= =81=AA=E3=81=84=E3=81=AA=E3=82=8A=E3=81=99=E3=81=BE=E3=81=97=EF=BC=89=E3=81= =8C=E8=B5=B7=E3=81=93=E3=82=8B=E3=81=9F=E3=82=81=E3=81=A7=E3=81=99=E3=80=82=
ePTID=E3=81=A7StoredID=E3=82=92=E5=88=A9=E7=94=A8=E3=81=97=E3=81=A6=E3= =81=84=E3=82=8B=E5=A0=B4=E5=90=88=E3=81=AB=E3=81=AF=E5=A4=B1=E5=8A=B9=E5=87= =A6=E7=90=86=E3=82=92=E8=A1=8C=E3=81=86=E3=81=93=E3=81=A8=E3=81=A7=E6=96=B0= =E3=81=97=E3=81=84ePTID=E3=82=92=E7=94=9F=E6=88=90=E3=81=A7=E3=81=8D=E3=82= =8B=E3=81=93=E3=81=A8=E3=81=8B=E3=82=89=E3=80=81=E5=86=8D=E5=89=B2=E3=82=8A= =E5=BD=93=E3=81=A6=E3=81=95=E3=82=8C=E3=82=8B=E5=B1=9E=E6=80=A7=E5=80=A4=E3= =82=92=E3=82=BD=E3=83=BC=E3=82=B9=E3=81=A8=E3=81=97=E3=81=9F=E4=B8=8A=E3=81= =A7=E5=86=8D=E5=89=B2=E3=82=8A=E5=BD=93=E3=81=A6=E6=99=82=E3=81=AB=E5=A4=B1= =E5=8A=B9=E3=81=99=E3=82=8B=E3=81=93=E3=81=A8=E3=81=A7=E3=82=82=E5=AF=BE=E5= =87=A6=E5=8F=AF=E8=83=BD=E3=81=A7=E3=81=99=E3=80=82=E4=BB=8A=E5=9B=9E=E3=81= =AF=E5=88=A5=E3=81=AE=E6=96=B9=E6=B3=95=E3=81=A8=E3=81=97=E3=81=A6=E3=80=81= LDAP=E4=B8=8A=E3=81=AEuid=E3=81=AE=E4=BB=98=E5=8A=A0=E6=83=85=E5=A0=B1=E3= =81=A8=E3=81=97=E3=81=A6LDAP=E3=82=A8=E3=83=B3=E3=83=88=E3=83=AA=E3=81=AE= =E4=BD=9C=E6=88=90=E6=99=82=E9=96=93(createTimestamp)=E3=82=92=E5=8A=A0=E3= =81=88=E3=81=9F=E5=80=A4=E3=82=92=E3=82=BD=E3=83=BC=E3=82=B9=E3=81=A8=E3=81= =97=E3=81=A6ePTID=E3=82=92=E7=94=9F=E6=88=90=E3=81=99=E3=82=8B=E6=96=B9=E6= =B3=95=E3=82=92=E7=B4=B9=E4=BB=8B=E3=81=97=E3=81=BE=E3=81=99=EF=BC=88Comput= edID=E3=82=92=E3=83=99=E3=83=BC=E3=82=B9=E3=81=AB=E8=A8=AD=E5=AE=9A=E6=96= =B9=E6=B3=95=E3=82=92=E7=B4=B9=E4=BB=8B=E3=81=97=E3=81=A6=E3=81=84=E3=81=BE= =E3=81=99=E3=81=8C=E3=80=81StoredID=E3=81=AE=E5=A0=B4=E5=90=88=E3=82=82=E5= =90=8C=E6=A7=98=E3=81=A7=E3=81=99=EF=BC=89=E3=80=82
=E4=BE=8B=E3=81=88=E3=81=B0 <uid>-<createTimestamp> =E3=81=AE=E3=82=88=E3=81=86=E3=81=AB2=E3=81=A4=E3=81=AE=E5=B1=9E=E6=80=
=A7=E5=80=A4=E3=82=92=E3=83=8F=E3=82=A4=E3=83=95=E3=83=B3=E3=81=A7=E3=81=A4=
=E3=81=AA=E3=81=92=E3=81=A6
test001-20130314110740Z
=E3=81=A8=
=E3=81=84=E3=81=A3=E3=81=9F=E5=80=A4=E3=82=92=E3=82=BD=E3=83=BC=E3=82=B9=E3=
=81=A8=E3=81=97=E3=81=A6ePTID=E3=82=92=E7=94=9F=E6=88=90=E3=81=99=E3=82=8C=
=E3=81=B0=E3=80=81uid=E5=86=8D=E5=89=B2=E3=82=8A=E5=BD=93=E3=81=A6=E3=81=94=
=E3=81=A8=E3=81=AE=E5=A4=B1=E5=8A=B9=E5=87=A6=E7=90=86=E3=81=8C=E4=B8=8D=E8=
=A6=81=E3=81=A8=E3=81=AA=E3=82=8A=E3=81=BE=E3=81=99=E3=80=82=E3=81=9F=E3=81=
=A0=E3=81=97=E3=80=81=E5=86=8D=E5=89=B2=E3=82=8A=E5=BD=93=E3=81=A6=E3=81=AE=
=E9=9A=9B=E3=81=AB=E5=BF=85=E3=81=9A=E3=80=8C=E4=BD=9C=E6=88=90=E6=99=82=E9=
=96=93=E3=80=8D=E3=81=8C=E5=A4=89=E6=9B=B4=E3=81=95=E3=82=8C=E3=82=8B=E3=82=
=88=E3=81=86=E3=81=AB=E3=82=A2=E3=82=AB=E3=82=A6=E3=83=B3=E3=83=88=E4=BD=9C=
=E6=88=90=E5=87=A6=E7=90=86=E3=82=92=E3=81=99=E3=82=8B=E3=81=93=E3=81=A8=E3=
=81=8C=E5=89=8D=E6=8F=90=E3=81=A8=E3=81=AA=E3=82=8A=E3=81=BE=E3=81=99=E3=80=
=82=EF=BC=88LDAP=E3=82=A8=E3=83=B3=E3=83=88=E3=83=AA=E3=82=92=E5=86=8D=E5=
=88=A9=E7=94=A8=E3=81=99=E3=82=8B=E3=82=88=E3=81=86=E3=81=AA=E9=81=8B=E7=94=
=A8=E3=81=A7=E3=81=AFcreateTimestamp=E3=81=8C=E5=A4=89=E6=9B=B4=E3=81=95=E3=
=82=8C=E3=81=AA=E3=81=84=E5=8F=AF=E8=83=BD=E6=80=A7=E3=81=8C=E3=81=82=E3=82=
=8A=E3=81=BE=E3=81=99=EF=BC=89
eduPersonTargetedID=E3=81=AEAttributeDefinition=E3=81=AF=E3=83=87=E3= =83=95=E3=82=A9=E3=83=AB=E3=83=88=E3=81=AE=E3=81=BE=E3=81=BE=E3=81=A7=E5=88= =A9=E7=94=A8=E5=8F=AF=E8=83=BD=E3=81=A7=E3=81=99=E3=80=82
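<!-- Attribute Definition for eduPersonTargetedID (computedID) -->
<!--
    Left as shipped: the definition still reads its value from the
    "computedID" connector. Only the connector's source attribute changes in
    this recipe, so nothing here needs editing.
-->
<resolver:AttributeDefinition xsi:type="ad:SAML2NameID" id="eduPersonTargetedID"
    nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" sourceAttributeID="computedID">
    <resolver:Dependency ref="computedID" />
    <resolver:AttributeEncoder xsi:type="enc:SAML1XMLObject"
        name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" encodeType="false" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2XMLObject"
        name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" encodeType="false" />
</resolver:AttributeDefinition>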
Template Attribute Definition=E3=81=A7 uid-createTimestamp =E3=81=AE= =E6=96=87=E5=AD=97=E5=88=97=E3=82=92=E8=BF=94=E3=81=99AttributeDefinition= =E3=82=92=E5=AE=9A=E7=BE=A9=E3=81=97=E3=81=A6=E3=80=81ComputedID=E7=94=A8Da= taConnector=E3=81=AE sourceAttributeID, Dependency=E3=81=A7=E5=8F=82=E7=85= =A7=E3=81=A7=E3=81=8D=E3=82=8B=E3=82=88=E3=81=86=E3=81=AB=E3=81=97=E3=81=BE= =E3=81=99=E3=80=82=E3=81=93=E3=81=93=E3=81=A7=E3=81=AF=E3=80=8CtemplateePTI= D=E3=80=8D=E3=81=A8=E3=81=84=E3=81=86=E5=90=8D=E5=89=8D=E3=82=92=E7=94=A8= =E3=81=84=E3=81=BE=E3=81=99=E3=80=82
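<!-- Computed targeted ID connector -->
<!-- Unchanged: it follows idp.persistentId.sourceAttribute, which is pointed at templateePTID in the properties file. -->
<resolver:DataConnector id="computedID" xsi:type="dc:ComputedId"
        generatedAttributeID="computedID"
        sourceAttributeID="%{idp.persistentId.sourceAttribute}"
        salt="%{idp.persistentId.salt}">
    <resolver:Dependency ref="%{idp.persistentId.sourceAttribute}" />
</resolver:DataConnector>

<!-- Added: everything below this line is the addition described in the text. -->
<!--
    Builds the string "<uid>-<createTimestamp>" from the two LDAP values
    returned by the myLDAP connector, to be used as the ePTID source.

    The resulting ePTID differs across a uid reassignment only if
    createTimestamp differs. As the text notes, that holds when the account is
    created as a new LDAP entry; if an existing entry is reused for the new
    person, createTimestamp may stay the same and the new holder would be
    given the previous holder's ePTID.
-->
<resolver:AttributeDefinition id="templateePTID" xsi:type="Template" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
    <resolver:Dependency ref="myLDAP" />
    <Template>
        <![CDATA[
            ${uid}-${createTimestamp}
        ]]>
    </Template>
    <SourceAttribute>uid</SourceAttribute>
    <SourceAttribute>createTimestamp</SourceAttribute>
</resolver:AttributeDefinition>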
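# For computed IDs, set a source attribute and a secret salt:
# Changed: the source is now the templateePTID AttributeDefinition
# ("<uid>-<createTimestamp>"). The annotation is kept on its own comment line
# because text after a value on the same line would become part of the value.
# NOTE(review): a computed ID is derived from this source value, so switching
# the source is expected to change the ePTID each SP sees for existing users.
# Confirm on a test SP and plan the cut-over before changing a production IdP.
idp.persistentId.sourceAttribute = templateePTID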
LDAP=E3=81=8B=E3=82=89=E8=BF=BD=E5=8A=A0=E3=81=A7createTimestamp=E3= =82=92=E5=8F=96=E5=BE=97=E3=81=99=E3=82=8B=E3=81=9F=E3=82=81=E3=81=ABLDAP D= ataConnector=E3=81=ABReturnAttributes=E3=82=92=E5=AE=9A=E7=BE=A9=E3=81=97= =E3=81=BE=E3=81=99=E3=80=82
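<!--
    LDAP connector used by the attribute definitions on this page. The URL,
    base DN, bind DN, bind credential and search filter all come from
    properties, so no directory credential is written into this file.
    useStartTLS falls back to true when its property is not set.
-->
<resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
    ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
    baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
    principal="%{idp.attribute.resolver.LDAP.bindDN}"
    principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
    useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}">
    <dc:FilterTemplate>
        <![CDATA[
            %{idp.attribute.resolver.LDAP.searchFilter}
        ]]>
    </dc:FilterTemplate>
    <!--
        Added. Must come immediately after dc:FilterTemplate.
        "*" asks for the entry's user attributes; createTimestamp is an
        operational attribute and is only returned when named explicitly.
        NOTE(review): listing just the attributes the resolver uses, instead
        of "*", would limit what is pulled from the directory. Confirm which
        attribute definitions depend on this connector before narrowing it.
    -->
    <dc:ReturnAttributes>* createTimestamp</dc:ReturnAttributes>
</resolver:DataConnector>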
conf/c14n/subject-c14n.xmlconf/c14n/subject-c=
14n.xml
=E3=81=AE<ref bean=3D"c14n/SAML2Persist=
ent" />
=E3=82=92=E3=82=A2=E3=
=83=B3=E3=82=B3=E3=83=A1=E3=83=B3=E3=83=88=E3=81=97=E3=81=BE=E3=81=99=E3=80=
=82
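<!-- Handle a SAML 2 persistent ID, provided a stored strategy is in use. -->
<!--
    Shown here in its uncommented (enabled) form.
    NOTE(review): the shipped comment above ties this bean to the stored
    strategy; confirm it is wanted when only the computed strategy is
    configured.
-->
<ref bean="c14n/SAML2Persistent" />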
= <!-- Handle a SAML 2 persistent ID, provided a stored strategy is in u= se. --> - <!-- <ref bean=3D"c14n/SAML2Persistent" /> --> + <ref bean=3D"c14n/SAML2Persistent" />
=E4=BB=A5=E4=B8=8B=E3=81=AF=E5=85=A8=E3=81=A6=E3=81=AESP=E3=81=AB=E5=AF= =BE=E3=81=97=E3=81=A6=E9=81=A9=E7=94=A8=E3=81=99=E3=82=8B=E6=96=B9=E6=B3=95= =E3=81=A7=E3=81=99=E3=80=82=E7=89=B9=E5=AE=9A=E3=81=AESP=E3=81=AB=E5=AF=BE= =E3=81=97=E3=81=A6=E3=81=AE=E3=81=BF=E9=81=A9=E7=94=A8=E3=81=99=E3=82=8B=E5= =A0=B4=E5=90=88=E3=81=AF=E3=80=81=E3=81=9D=E3=81=AESP=E7=94=A8=E3=81=AEbean= =E3=82=92RelyingPartyOverrides=E3=81=AB=E4=BD=9C=E6=88=90=E3=81=97=E3=80=81= =E3=83=97=E3=83=AD=E3=83=95=E3=82=A1=E3=82=A4=E3=83=AB=E3=81=AB=E4=BB=A5=E4= =B8=8B=E3=81=AE=E8=A8=AD=E5=AE=9A=E3=82=92=E8=A1=8C=E3=81=A3=E3=81=A6=E3=81= =8F=E3=81=A0=E3=81=95=E3=81=84=E3=80=82
conf/relying-party.xml
=E3=81=AB
bean[@parent=3D"Shibboleth.SSO"]p:includeAttributeSta=
tement=3D"true"
=E3=82=92=E8=BF=BD=E5=8A=A0=E3=81=97=E3=81=BE=E3=81=
=99=E3=80=82
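<!--
    Default profile set for every relying party that has no override.
    The only change from the shipped file is p:includeAttributeStatement="true"
    on Shibboleth.SSO, so it takes effect for all SPs using that profile.
    NOTE(review): SAML 1 has no assertion encryption, so attributes included
    in this response are protected by TLS only. If just a few SPs need this,
    the per-SP RelyingPartyOverrides route mentioned in the text keeps the
    exposure smaller.
-->
<bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty">
    <property name="profileConfigurations">
        <list>
            <bean parent="Shibboleth.SSO" p:postAuthenticationFlows="attribute-release" p:includeAttributeStatement="true" />
            <ref bean="SAML1.AttributeQuery" />
            <ref bean="SAML1.ArtifactResolution" />
            <bean parent="SAML2.SSO" p:postAuthenticationFlows="attribute-release" />
            <ref bean="SAML2.ECP" />
            <ref bean="SAML2.Logout" />
            <ref bean="SAML2.AttributeQuery" />
            <ref bean="SAML2.ArtifactResolution" />
            <ref bean="Liberty.SSOS" />
        </list>
    </property>
</bean>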
&l= t;bean id=3D"shibboleth.DefaultRelyingParty" parent=3D"RelyingParty"> <property name=3D"profileConfigurations"> <list> - <bean parent=3D"Shibboleth.SSO" p:postAuthenticationFlo= ws=3D"attribute-release" /> + <bean parent=3D"Shibboleth.SSO" p:postAuthenticationFlo= ws=3D"attribute-release" p:includeAttributeStatement=3D"true" /> <ref bean=3D"SAML1.AttributeQuery" /> <ref bean=3D"SAML1.ArtifactResolution" /> <bean parent=3D"SAML2.SSO" p:postAuthenticationFlows=3D= "attribute-release" /> <ref bean=3D"SAML2.ECP" /> <ref bean=3D"SAML2.Logout" /> <ref bean=3D"SAML2.AttributeQuery" /> <ref bean=3D"SAML2.ArtifactResolution" /> <ref bean=3D"Liberty.SSOS" /> </list> </property> </bean>
conf/relying-party.xml
=E4=BB=A5=E4=B8=
=8B=E3=81=AE=E3=82=88=E3=81=86=E3=81=ABshibboleth.RelyingPartyOverrid=
es
=E3=81=AE=E5=AD=90=E8=A6=81=E7=B4=A0=E3=81=A8=E3=81=97=E3=81=A6=E5=
=BD=93=E8=A9=B2SP=E5=90=91=E3=81=91=E3=81=AE=E8=A8=AD=E5=AE=9A=E3=82=92=E8=
=BF=BD=E5=8A=A0=E3=81=97=E3=81=A6=E3=81=8F=E3=81=A0=E3=81=95=E3=81=84=E3=80=
=82
=E3=83=BBSP=E3=81=AEentityID=E3=81=AF=E9=81=A9=E5=88=87=E3=81=AA=E3=82=82=
=E3=81=AE=E3=81=AB=E7=BD=AE=E3=81=8D=E6=8F=9B=E3=81=88=E3=81=A6=E3=81=8F=E3=
=81=A0=E3=81=95=E3=81=84=E3=80=82
=E3=83=BB=E5=A4=89=E5=8C=96=E3=82=92=E6=9C=80=E5=B0=8F=E9=99=90=E3=81=AB=E3=
=81=99=E3=82=8B=E3=81=9F=E3=82=81=E5=9F=BA=E6=9C=AC=E7=9A=84=E3=81=AB=E3=81=
=AF=E8=A8=AD=E5=AE=9A=E3=81=AF=E5=90=8C=E3=83=95=E3=82=A1=E3=82=A4=E3=83=AB=
=E3=81=AEshibboleth.DefaultRelyingParty
=E3=81=AE=E8=A8=AD=E5=
=AE=9A=E3=81=A8=E5=90=8C=E3=81=98=E3=81=8F=E3=81=97=E3=80=81SAML2.SSO=
=E3=81=ABp:encryptAssertions=3D"false"
=E3=82=92=E8=BF=
=BD=E5=8A=A0=E3=81=97=E3=81=A6=E3=81=8F=E3=81=A0=E3=81=95=E3=81=84=E3=80=82=
DefaultRelyingParty=E3=81=AB=E3=81=82=E3=82=8B=E4=BB=96=E3=81=AEbean=E3=82=
=82=E5=BF=85=E8=A6=81=E3=81=AA=E3=82=89=E3=82=B3=E3=83=94=E3=83=BC&=E3=
=83=9A=E3=83=BC=E3=82=B9=E3=83=88=E3=81=97=E3=81=A6=E3=81=8F=E3=81=A0=E3=81=
=95=E3=81=84=E3=80=82
=E3=83=BB=E4=BB=96=E3=81=AB=E3=82=82RelyingPartyOverrides=E3=81=AE=E5=AD=90=
=E8=A6=81=E7=B4=A0=E3=81=8C=E3=81=82=E3=82=8A=E5=BD=93=E8=A9=B2SP=E3=81=8C=
=E4=BB=96=E3=81=AEoverride=E3=81=AB=E3=81=99=E3=81=A7=E3=81=AB=E8=A8=98=E8=
=BF=B0=E3=81=95=E3=82=8C=E3=81=A6=E3=81=84=E3=82=8B=E5=A0=B4=E5=90=88=E3=80=
=81=E3=83=9E=E3=83=BC=E3=82=B8=E3=81=AF=E8=A1=8C=E3=82=8F=E3=82=8C=E3=81=BE=
=E3=81=9B=E3=82=93=E3=81=AE=E3=81=A7=E5=90=8C=E7=AD=89=E3=81=AE=E8=A8=AD=E5=
=AE=9A=E3=81=AB=E3=81=AA=E3=82=8B=E3=82=88=E3=81=86=E3=81=AB1=E3=81=A4=E3=
=81=AB=E3=81=BE=E3=81=A8=E3=82=81=E3=82=8B=E3=82=88=E3=81=86=E3=81=AB=E3=81=
=97=E3=81=A6=E3=81=8F=E3=81=A0=E3=81=95=E3=81=84=E3=80=82
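<!-- Container for any overrides you want to add. -->
<util:list id="shibboleth.RelyingPartyOverrides">

    ...

    <!--
        Override for the single SP named in relyingPartyIds (replace the
        example entityID with the real one).

        Only the profiles listed here apply to that SP: SAML2.SSO with
        assertion encryption switched off, and SAML2.Logout. The other beans
        of shibboleth.DefaultRelyingParty are not inherited; copy the ones the
        SP still needs.

        Overrides are not merged. If this SP already appears in another
        override, combine the settings into one bean.
    -->
    <bean p:id="example.NoEncryptAssertions" parent="RelyingPartyByName">
        <constructor-arg name="relyingPartyIds">
            <list>
                <value>https://sp.example.ac.jp/shibboleth-sp</value>
            </list>
        </constructor-arg>
        <property name="profileConfigurations">
            <list>
                <bean parent="SAML2.SSO" p:postAuthenticationFlows="attribute-release" p:encryptAssertions="false" />
                <ref bean="SAML2.Logout" />
            </list>
        </property>
    </bean>

</util:list>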
&l= t;!-- Container for any overrides you want to add. --> =20 <util:list id=3D"shibboleth.RelyingPartyOverrides"> =20 ... =20 + <bean p:id=3D"example.NoEncryptAssertions" parent=3D"RelyingPar= tyByName"> + <constructor-arg name=3D"relyingPartyIds"> + <list> + <value>https://sp.example.ac.jp/shibboleth-sp<= ;/value> + </list> + </constructor-arg> + <property name=3D"profileConfigurations"> + <list> + <bean parent=3D"SAML2.SSO" p:postAuthenticationFlow= s=3D"attribute-release" p:encryptAssertions=3D"false" /> + <ref bean=3D"SAML2.Logout" /> + </list> + </property> + </bean> + =20 </util:list>
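Review bot: The added `example.NoEncryptAssertions` bean sets `p:encryptAssertions="false"` on SAML2.SSO without recording why, so a later maintainer cannot tell whether the exception is still needed. With encryption off, the assertion and the attributes in it reach the SP through the user's browser in readable form when a front-channel binding is used, leaving TLS as the only protection. I would put a comment directly above the bean, for example `<!-- <REASON: e.g. SP cannot decrypt assertions>; remove this override once resolved -->`, with the placeholder replaced by the actual reason. The `relyingPartyIds` list should stay limited to the entityIDs that need the exception.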
Shibboleth IdP=E3=81=AB=E3=81=8A=E3=81=84=E3=81=A6=E3=80=81=E5=B1=9E=E6= =80=A7=E3=81=AE=E7=94=9F=E6=88=90=E6=89=8B=E6=AE=B5=E3=81=A8=E3=81=97=E3=81= =A6LDAP=E3=82=B5=E3=83=BC=E3=83=90=E3=82=92=E5=8F=82=E7=85=A7=E3=81=99=E3= =82=8B=E6=96=B9=E6=B3=95=E3=81=8C=E3=81=82=E3=82=8A=E3=81=BE=E3=81=99=E3=81= =8C=E3=80=81LDAP=E3=82=B5=E3=83=BC=E3=83=90=E3=81=AB=E3=82=A8=E3=83=B3=E3= =83=88=E3=83=AA=E3=81=8C=E5=AD=98=E5=9C=A8=E3=81=97=E3=81=AA=E3=81=84=E5=A0= =B4=E5=90=88=E3=81=AE=E6=8C=99=E5=8B=95=E3=81=AB=E3=81=A4=E3=81=84=E3=81=A6= =E6=B3=A8=E6=84=8F=E3=81=8C=E5=BF=85=E8=A6=81=E3=81=A7=E3=81=99=E3=80=82Shi= bboleth IdP=E3=81=AE=E3=83=87=E3=83=95=E3=82=A9=E3=83=AB=E3=83=88=E8=A8=AD= =E5=AE=9A=E3=81=AB=E3=81=8A=E3=81=91=E3=82=8B=E6=8C=99=E5=8B=95=E3=81=AF=E4= =BB=A5=E4=B8=8B=E3=81=AE=E9=80=9A=E3=82=8A=E3=81=A7=E3=81=99=E3=80=82
SP=E5=81=B4=E3=81=AB=E5=B1=9E=E6=80=A7=E3=82=92=E9=80=81=E4=BF=A1=E3=81= =99=E3=82=8B=E5=89=8D=E3=81=ABIdP=E4=B8=8A=E3=81=A7=E3=82=A8=E3=83=A9=E3=83= =BC=E3=81=AB=E3=81=99=E3=82=8B=E3=81=AB=E3=81=AF=E3=80=81=E3=81=93=E3=81=93= =E3=81=A7=E7=B4=B9=E4=BB=8B=E3=81=99=E3=82=8B=E8=A8=AD=E5=AE=9A=E3=81=8C=E5= =BF=85=E8=A6=81=E3=81=AB=E3=81=AA=E3=82=8A=E3=81=BE=E3=81=99=E3=80=82=E5=90= =8C=E6=99=82=E3=81=AB=E3=80=81Template AttributeDefinition=E3=81=AA=E3=81= =A9=E4=BB=96=E3=81=AE=E8=A6=81=E5=9B=A0=E3=81=A7=E3=82=A8=E3=83=A9=E3=83=BC= =E3=81=8C=E7=99=BA=E7=94=9F=E3=81=97=E3=81=9F=E5=A0=B4=E5=90=88=E3=82=82IdP= =E4=B8=8A=E3=81=A7=E3=82=A8=E3=83=A9=E3=83=BC=E3=81=A8=E3=81=AA=E3=82=8A=E3= =81=BE=E3=81=99=E3=80=82=E7=8F=BE=E5=9C=A8=E3=81=AE=E9=81=8B=E7=94=A8=E3=81= =A7=E3=82=A8=E3=83=A9=E3=83=BC=E3=81=8C=E7=99=BA=E7=94=9F=E3=81=97=E3=81=A6= =E3=81=84=E3=81=AA=E3=81=84=E3=81=93=E3=81=A8=E3=82=92=E3=83=AD=E3=82=B0=E3= =81=AB=E3=82=88=E3=82=8A=E7=A2=BA=E8=AA=8D=E3=81=97=E3=81=A6=E3=81=8A=E3=81= =84=E3=81=A6=E3=81=8F=E3=81=A0=E3=81=95=E3=81=84=E3=80=82
Shib=
boleth IdP 3.3.x=E5=90=91=E3=81=91=E3=83=86=E3=83=B3=E3=83=97=E3=83=AC=E3=
=83=BC=E3=83=88(3.3.0=E4=BB=A5=E9=99=8D)=E3=81=AEattribute-resolver.xml=
=E3=82=92=E4=BD=BF=E7=94=A8=E3=81=97=E3=81=A6=E3=81=84=E3=82=8B=E3=81=93=E3=
=81=A8
LDAP DataConnector=E3=81=AB=E4=BB=A5=E4=B8=8B=E3=81=AE=E3=82=88=E3=81=86=E3=
=81=AA=E8=A8=AD=E5=AE=9A=E3=81=8C=E5=90=AB=E3=81=BE=E3=82=8C=E3=81=BE=E3=81=
=99=E3=80=82
= noResultIsError=3D"%{idp.attribute.resolver.LDAP.noResultIsError:true}"
services.properties
idp.service.attribute.resolver.maskFailu= res=E3=81=AE=E5=80=A4=E3=82=92false=E3=81=AB=E5=A4=89=E6=9B=B4=E3=81=97=E3= =81=BE=E3=81=99=E3=80=82
idp.ser= vice.attribute.resolver.maskFailures =3D false
#idp.s= ervice.attribute.resolver.resources =3D shibboleth.AttributeResolverResourc= es #idp.service.attribute.resolver.failFast =3D false idp.service.attribute.resolver.checkInterval =3D PT15M -#idp.service.attribute.resolver.maskFailures =3D true +idp.service.attribute.resolver.maskFailures =3D false #idp.service.attribute.filter.resources =3D shibboleth.AttributeFilterReso= urces # NOTE: Failing the filter fast leaves no filters enabled.
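Review bot: The new `idp.service.attribute.resolver.maskFailures = false` line replaces the commented-out default and gives no reason for the change. After this change any resolver failure, not only a missing LDAP entry, surfaces as an IdP error, so the setting deserves a comment. I would keep the original `#idp.service.attribute.resolver.maskFailures = true` line as a reference to the default. Above the new line I would add `# false: resolver failures (e.g. no LDAP entry) stop the login at the IdP instead of continuing with a partial attribute set`. The exact behaviour on failure should be checked against the aacli.sh output shown later on the page.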
errors.xml
IdP=E4=B8=8A=E3=81=A7=E3=82=A8=E3=83=A9=E3=83=BC=E3= =81=A8=E3=81=99=E3=82=8B=E3=81=9F=E3=82=81=E3=80=81<util:map id=3D"shibb= oleth.LocalEventMap">=E3=81=AE=E5=AD=90=E8=A6=81=E7=B4=A0=E3=81=A8=E3=81= =97=E3=81=A6=E4=BB=A5=E4=B8=8B=E3=81=AE=E8=A6=81=E7=B4=A0=E3=82=92=E8=BF=BD= =E5=8A=A0=E3=81=97=E3=81=BE=E3=81=99=E3=80=82
<entr= y key=3D"UnableToResolveAttributes" value=3D"true"/>
&l= t;util:map id=3D"shibboleth.LocalEventMap"> <entry key=3D"ContextCheckDenied" value=3D"true" /> <entry key=3D"AttributeReleaseRejected" value=3D"true" /&g= t; <entry key=3D"TermsRejected" value=3D"true" /> <entry key=3D"RuntimeException" value=3D"false" /> + <entry key=3D"UnableToResolveAttributes" value=3D"true"/> <!-- <entry key=3D"IdentitySwitch" value=3D"false" /> <entry key=3D"NoPotentialFlow" value=3D"false" /> --> </util:map>
aacli.sh=E3=81=A7=E8=A8=AD=E5=AE=9A=E3=81=8C=E6=AD=A3=E3=81=97=E3=81=84= =E3=81=8B=E7=A2=BA=E8=AA=8D=E3=81=99=E3=82=8B=E3=81=93=E3=81=A8=E3=81=8C=E3= =81=A7=E3=81=8D=E3=81=BE=E3=81=99=E3=80=82
LDAP=E3=81=AB=E3=82=A8=E3=83=B3=E3=83=88=E3=83=AA(=E3=83=A6=E3=83=BC= =E3=82=B6)=E3=81=8C=E5=AD=98=E5=9C=A8=E3=81=97=E3=81=AA=E3=81=84=E5=A0=B4= =E5=90=88
$ /opt/= shibboleth-idp/bin/aacli.sh -n user1 -r https://sp.example.ac.jp/shibboleth= -sp { "error": "UnableToResolveAttributes" }
LDAP=E3=81=AB=E3=82=A8=E3=83=B3=E3=83=88=E3=83=AA(=E3=83=A6=E3=83=BC= =E3=82=B6)=E3=81=8C=E5=AD=98=E5=9C=A8=E3=81=99=E3=82=8B=E5=A0=B4=E5=90=88= p>
$ /opt/= shibboleth-idp/bin/aacli.sh -n user1 -r https://sp.example.ac.jp/shibboleth= -sp { "requester": "https://sp.example.ac.jp/shibboleth-sp", "principal": "user1", "attributes": [ { "name": "eduPersonPrincipalName", "values": [ "ScopedStringAttributeValue{value=3Duser1, scope=3Dexample.ac= .jp}" ] } ] }