Date: Thu, 28 Mar 2024 18:38:38 +0900 (JST) Message-ID: <1885165924.1245.1711618718287@meatwiki.nii.ac.jp> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_1244_727487483.1711618718287" ------=_Part_1244_727487483.1711618718287 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Shibboleth IdP=E3=81=AB=E3=81=8A=E3=81=84=E3=81=A6=E3=80=81=E5=B1=9E=E6= =80=A7=E3=81=AE=E7=94=9F=E6=88=90=E6=89=8B=E6=AE=B5=E3=81=A8=E3=81=97=E3=81= =A6LDAP=E3=82=B5=E3=83=BC=E3=83=90=E3=82=92=E5=8F=82=E7=85=A7=E3=81=99=E3= =82=8B=E6=96=B9=E6=B3=95=E3=81=8C=E3=81=82=E3=82=8A=E3=81=BE=E3=81=99=E3=81= =8C=E3=80=81LDAP=E3=82=B5=E3=83=BC=E3=83=90=E3=81=AB=E3=82=A8=E3=83=B3=E3= =83=88=E3=83=AA=E3=81=8C=E5=AD=98=E5=9C=A8=E3=81=97=E3=81=AA=E3=81=84=E5=A0= =B4=E5=90=88=E3=81=AE=E6=8C=99=E5=8B=95=E3=81=AB=E3=81=A4=E3=81=84=E3=81=A6= =E6=B3=A8=E6=84=8F=E3=81=8C=E5=BF=85=E8=A6=81=E3=81=A7=E3=81=99=E3=80=82Shi= bboleth IdP=E3=81=AE=E3=83=87=E3=83=95=E3=82=A9=E3=83=AB=E3=83=88=E8=A8=AD= =E5=AE=9A=E3=81=AB=E3=81=8A=E3=81=91=E3=82=8B=E6=8C=99=E5=8B=95=E3=81=AF=E4= =BB=A5=E4=B8=8B=E3=81=AE=E9=80=9A=E3=82=8A=E3=81=A7=E3=81=99=E3=80=82
SP=E5=81=B4=E3=81=AB=E5=B1=9E=E6=80=A7=E3=82=92=E9=80=81=E4=BF=A1=E3=81= =99=E3=82=8B=E5=89=8D=E3=81=ABIdP=E4=B8=8A=E3=81=A7=E3=82=A8=E3=83=A9=E3=83= =BC=E3=81=AB=E3=81=99=E3=82=8B=E3=81=AB=E3=81=AF=E3=80=81=E3=81=93=E3=81=93= =E3=81=A7=E7=B4=B9=E4=BB=8B=E3=81=99=E3=82=8B=E8=A8=AD=E5=AE=9A=E3=81=8C=E5= =BF=85=E8=A6=81=E3=81=AB=E3=81=AA=E3=82=8A=E3=81=BE=E3=81=99=E3=80=82=E5=90= =8C=E6=99=82=E3=81=AB=E3=80=81Template AttributeDefinition=E3=81=AA=E3=81= =A9=E4=BB=96=E3=81=AE=E8=A6=81=E5=9B=A0=E3=81=A7=E3=82=A8=E3=83=A9=E3=83=BC= =E3=81=8C=E7=99=BA=E7=94=9F=E3=81=97=E3=81=9F=E5=A0=B4=E5=90=88=E3=82=82IdP= =E4=B8=8A=E3=81=A7=E3=82=A8=E3=83=A9=E3=83=BC=E3=81=A8=E3=81=AA=E3=82=8A=E3= =81=BE=E3=81=99=E3=80=82=E7=8F=BE=E5=9C=A8=E3=81=AE=E9=81=8B=E7=94=A8=E3=81= =A7=E3=82=A8=E3=83=A9=E3=83=BC=E3=81=8C=E7=99=BA=E7=94=9F=E3=81=97=E3=81=A6= =E3=81=84=E3=81=AA=E3=81=84=E3=81=93=E3=81=A8=E3=82=92=E3=83=AD=E3=82=B0=E3= =81=AB=E3=82=88=E3=82=8A=E7=A2=BA=E8=AA=8D=E3=81=97=E3=81=A6=E3=81=8A=E3=81= =84=E3=81=A6=E3=81=8F=E3=81=A0=E3=81=95=E3=81=84=E3=80=82
Shib=
boleth IdP 3.3.x=E5=90=91=E3=81=91=E3=83=86=E3=83=B3=E3=83=97=E3=83=AC=E3=
=83=BC=E3=83=88(3.3.0=E4=BB=A5=E9=99=8D)=E3=81=AEattribute-resolver.xml=
=E3=82=92=E4=BD=BF=E7=94=A8=E3=81=97=E3=81=A6=E3=81=84=E3=82=8B=E3=81=93=E3=
=81=A8
LDAP DataConnector=E3=81=AB=E4=BB=A5=E4=B8=8B=E3=81=AE=E3=82=88=E3=81=86=E3=
=81=AA=E8=A8=AD=E5=AE=9A=E3=81=8C=E5=90=AB=E3=81=BE=E3=82=8C=E3=81=BE=E3=81=
=99=E3=80=82
= noResultIsError=3D"%{idp.attribute.resolver.LDAP.noResultIsError:true}"
services.properties
idp.service.attribute.resolver.maskFailu= res=E3=81=AE=E5=80=A4=E3=82=92false=E3=81=AB=E5=A4=89=E6=9B=B4=E3=81=97=E3= =81=BE=E3=81=99=E3=80=82
idp.ser= vice.attribute.resolver.maskFailures =3D false
#idp.s= ervice.attribute.resolver.resources =3D shibboleth.AttributeResolverResourc= es #idp.service.attribute.resolver.failFast =3D false idp.service.attribute.resolver.checkInterval =3D PT15M -#idp.service.attribute.resolver.maskFailures =3D true +idp.service.attribute.resolver.maskFailures =3D false #idp.service.attribute.filter.resources =3D shibboleth.AttributeFilterReso= urces # NOTE: Failing the filter fast leaves no filters enabled.
errors.xml
IdP=E4=B8=8A=E3=81=A7=E3=82=A8=E3=83=A9=E3=83=BC=E3= =81=A8=E3=81=99=E3=82=8B=E3=81=9F=E3=82=81=E3=80=81<util:map id=3D"shibb= oleth.LocalEventMap">=E3=81=AE=E5=AD=90=E8=A6=81=E7=B4=A0=E3=81=A8=E3=81= =97=E3=81=A6=E4=BB=A5=E4=B8=8B=E3=81=AE=E8=A6=81=E7=B4=A0=E3=82=92=E8=BF=BD= =E5=8A=A0=E3=81=97=E3=81=BE=E3=81=99=E3=80=82
<entr= y key=3D"UnableToResolveAttributes" value=3D"true"/>
&l= t;util:map id=3D"shibboleth.LocalEventMap"> <entry key=3D"ContextCheckDenied" value=3D"true" /> <entry key=3D"AttributeReleaseRejected" value=3D"true" /&g= t; <entry key=3D"TermsRejected" value=3D"true" /> <entry key=3D"RuntimeException" value=3D"false" /> + <entry key=3D"UnableToResolveAttributes" value=3D"true"/> <!-- <entry key=3D"IdentitySwitch" value=3D"false" /> <entry key=3D"NoPotentialFlow" value=3D"false" /> --> </util:map>
aacli.sh=E3=81=A7=E8=A8=AD=E5=AE=9A=E3=81=8C=E6=AD=A3=E3=81=97=E3=81=84= =E3=81=8B=E7=A2=BA=E8=AA=8D=E3=81=99=E3=82=8B=E3=81=93=E3=81=A8=E3=81=8C=E3= =81=A7=E3=81=8D=E3=81=BE=E3=81=99=E3=80=82
LDAP=E3=81=AB=E3=82=A8=E3=83=B3=E3=83=88=E3=83=AA(=E3=83=A6=E3=83=BC= =E3=82=B6)=E3=81=8C=E5=AD=98=E5=9C=A8=E3=81=97=E3=81=AA=E3=81=84=E5=A0=B4= =E5=90=88
$ /opt/= shibboleth-idp/bin/aacli.sh -n user1 -r https://sp.example.ac.jp/shibboleth= -sp { "error": "UnableToResolveAttributes" }
LDAP=E3=81=AB=E3=82=A8=E3=83=B3=E3=83=88=E3=83=AA(=E3=83=A6=E3=83=BC= =E3=82=B6)=E3=81=8C=E5=AD=98=E5=9C=A8=E3=81=99=E3=82=8B=E5=A0=B4=E5=90=88= p>
$ /opt/= shibboleth-idp/bin/aacli.sh -n user1 -r https://sp.example.ac.jp/shibboleth= -sp { "requester": "https://sp.example.ac.jp/shibboleth-sp", "principal": "user1", "attributes": [ { "name": "eduPersonPrincipalName", "values": [ "ScopedStringAttributeValue{value=3Duser1, scope=3Dexample.ac= .jp}" ] } ] }