...
Open /opt/shibboleth-idp/conf/attribute-resolver.xml and search for the string "id="eduPersonPrincipalName"".
If the following XML element is valid (not commented out), you are good to go. → Reference
<resolver:AttributeDefinition xsi:type="ad:Scoped" id="eduPersonPrincipalName" scope="%{idp.scope}" sourceAttributeID="uid">
<resolver:Dependency ref="myLDAP" />
<resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
<resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
</resolver:AttributeDefinition>Similarly, make sure that "id="mail"" is also valid. → Reference
<resolver:AttributeDefinition xsi:type="ad:Simple" id="mail" sourceAttributeID="mail">
<resolver:Dependency ref="myLDAP" />
<resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
<resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
</resolver:AttributeDefinition>Open /opt/shibboleth-idp/conf/attribute-filter.xml and search for the string "</AttributeFilterPolicyGroup>".
Add the following XML element just before the found tag. → Reference
<AttributeFilterPolicy id="PolicyforNiiRdcDataAnalysisPlatform">
<PolicyRequirementRule xsi:type="Requester" value="https://jupyter.cs.rcos.nii.ac.jp/shibboleth-sp" />
<AttributeRule attributeID="eduPersonPrincipalName">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="mail">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
</AttributeFilterPolicy>- Restart the Shibboleth IdP service.
...
Operation check
- Access https://jupyter.cs.rcos.nii.ac.jp/ にブラウザでアクセスします。 with a browser.
- If you are redirected to 認証画面を経て https://jupyter.cs.rcos.nii.ac.jp/hub/home にリダイレクトされればOKです。 after going through the authentication screen, you are OK.
問い合わせ先
国立情報学研究所 オープンサイエンス基盤研究センター
オンライン分析システム担当 藤原一毅 <cs-support@nii.ac.jp>
...