
1. Introduction

This document explains how to give your consent to the release of attributes to a Service Provider (SP for short) via uApprove Jet Pack 4.0 (uApproveJP for short).
The user consent steps are as follows:

  1. Log in to the IdP with Username/Password authentication and accept the terms of use.
  2. Select the optional attributes to be released to the Service and confirm the selection, then give final confirmation of the release.
  3. The attributes are released to the Service.

2. Operation flow

2.1 Login to the IdP

When you use an SP, you are redirected from the SP to the IdP of your organization, where you log in.

Below is a sample IdP login page with password authentication (figure 1), reached from a Service Provider. The IdP requires a username and password pair for authentication. If authentication succeeds, you proceed to the terms of use page or the attribute selection page. To log in, enter your Username/Password and press the "Continue" button.
If you want to reset attribute release approvals, check the "Reset my attribute release approvals" checkbox (see uApprove.jp user's manual).
If you want to reset them when the "Reset my attribute release approvals" checkbox is not displayed, access the page listing the approved SPs (see uApprove.jp user's manual).

Figure 1: Login page

2.2 Terms of use

You may see the terms of use page (figure 2) after a successful login. This page is shown if:

  1. you access the system for the first time, or
  2. the terms of use have been revised since you last accepted them.

To continue, check the "I accept the terms of use" checkbox and click the "Confirm" button.

Figure 2: Terms of use page

If you click the "Decline" button, your web browser should display the page shown in Figure 3. You have to close your web browser in order to cancel the login process.

To return to the terms of use page, click the "Back" button.

Figure 3: Terms of use declined

If you want to reset attribute release approvals, you have to check the checkbox "Clear my attribute release consent". See 3. Reset-approvals for details.

2.2 Optional attribute selection

This page shows the information about you that will be released to the SP, in the form of a Digital ID Card (figure 2).

  • Mandatory information
    Attributes with grayed-out checkboxes are always sent to the SP after confirmation. You cannot refuse their release.
  • Optional information
    You can select the optional attributes to be released to the SP from the list by checking the box.

The meaning of the icon placed beside the attributes is as follows:

  • Icon (image): indicates that the SP provides a description of how this attribute is used. Clicking this icon displays a short description on the next line.

In addition, you must decide the attribute release policy by choosing one of the radio buttons:

  • I agree to send my information this time.
    You confirm the information that will be released to this SP at every login session.
  • I agree that the same information will be sent automatically to this service in the future. (default)
    The selected information is sent automatically when you use this SP again.
    The next time you use this SP, this page will not be displayed again unless the agreed attributes have changed. See 2.2.1 Review the attributes change for the case where the agreed attributes have changed.
  • I agree that all of my information will be released to any service.
    All attributes are sent to any SP automatically. If you choose this, all the optional attributes are checked and cannot be unchecked.
    This page will never be displayed again, even if some of the agreed attributes are changed or new attributes are added.

After selecting attributes and choosing a policy, click the "Accept" button to proceed.

Figure 2: Attribute selection page

If you click the "Reject" button, your web browser will display messages indicating that the service is not available (Figure 5). You have to close your web browser in order to cancel the login process.

To return to the attribute selection page, click the "Back" button.

Figure 5: Attribute release cancel

2.2.1 Review the attributes change

When any of the following conditions is satisfied for an SP to which the "I agree that the data same as this time will be sent automatically to this service in the future." option is applied, automatic sending of attributes is stopped and this review page (figure 6) is displayed.

  • The value of a selected attribute has been modified
  • An optional attribute which was not previously allowed to be released has been changed to mandatory
  • An optional attribute has been added

On this page, the radio button "I agree that the same information will be sent automatically to this service in the future." is checked by default.

Figure 6 shows the case where "email", which was an optional attribute, has been changed to mandatory.

Figure 6: Attribute selection page (attribute setting is modified)

Even if you cancel the login by selecting "Reject" on the modified attribute selection page, your previously agreed information is still preserved.

2.4 Final confirmation of release

The attributes that are going to be released to the SP are displayed on this page in the form of a Digital ID Card (figure 7).
This is your final confirmation before the attributes are sent to the SP.

To allow the attributes to be sent to the SP, click the "Send" button.
To redo the selection of attributes, click the "Back" button.

Figure 7: Attribute release confirmation page

Release of information

Mandatory attributes and selected optional attributes are sent to the SP.

You are redirected to the SP together with the released attributes, and your web browser should display the page shown after logging in to the SP. For example, the test SP shows the information it received, as shown in figure 3.

Figure 3: Example SP page after login

3. Reset-approvals

This page (figure 9) is displayed when you check "Reset my attribute release approvals" on the login page. When you log in with "Clear prior granting of permission for release of your information to this service." checked on the login page, the information below is reset and the optional attribute selection page (figure 2) is displayed.

The "Confirm" button performs the following:

  • Stops the automatic sending of information to any SP
  • Redirects to the attribute selection page (uApprove.jp user's manual)
  • Deselects all checkboxes for optional attributes

The "Cancel" button continues the session without resetting.

Figure 9: Reset of the attribute releases

4. List-approvals

If you access the URL of the page listing the approved SPs and authentication at the IdP succeeds, you can browse that list.

  • If you have not approved any SP, it is displayed as in figure 10
  • If you have approved SPs individually, it is displayed as in figure 11
  • If you have approved all SPs, it is displayed as in figure 12

Figure 10: If you have not approved any SP

  • Approval by selecting "I agree that the same information will be sent automatically to this service in the future."
  • Approval by selecting "I agree that all of my information will be released to any service."

4. Difference from previous uApproveJP

4.1 Difference from uApproveJP 3.4

The following points are different between uApproveJP 4.0 and uApproveJP 3.4.

  • The order of attributes (required attributes and optional attributes mixed) has been changed so that optional attributes are listed after required attributes are listed.

4.2 Difference from uApproveJP 2.5

The following points are different between uApproveJP 3.4 and uApproveJP 2.5.

  • Not implemented: preserve checkbox state when displaying the attribute selection page again.
    The page is always displayed with all the checkboxes unchecked.
  • A new condition is added in section 2.2.1:
    • An optional attribute has been added
  • Due to a restriction of Shibboleth IdP 3, you should enable includeAttributeStatement in SAML1 to display the consent page

Figure 11: If you have approved SPs individually

Figure 12: If you have approved all SPs

If a final page has been prepared by the administrator, the "Exit" button navigates to that page.

4.1 Revocation of consent

You can revoke consent by clicking the "Reset" or "Reset all" button.

  • The "Reset" button resets the agreement for that SP
  • The "Reset all" button resets the agreement for all SPs

When you click either one, the confirmation page for revocation (figure 13) is displayed.

Figure 13: Confirmation page for revoke

  • The "Confirm" button resets the agreement for that SP and goes back to the page listing the SPs.
  • The "Cancel" button does not reset anything and goes back to the page listing the SPs.