...
title | $IDP_HOME$/conf/global.xml |
---|
|
...
<!-- Fallback UI languages: the value of idp.ui.fallbackLanguages (empty when the property
     is unset) is trimmed and passed as the first constructor argument to the
     shibboleth.CommaDelimStringArray parent bean. -->
<bean id="shibboleth.FallbackLanguages"
      parent="shibboleth.CommaDelimStringArray"
      c:_0="#{'%{idp.ui.fallbackLanguages:}'.trim()}" />
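<!-- Map registered under the id shibboleth.CustomViewContext. It holds the two jp.gakunin
     consent helper beans under the keys below; the second one is given the fallback
     language list defined by shibboleth.FallbackLanguages.
     NOTE(review): the util: prefix must be declared on the root <beans> element of
     global.xml for this to parse; confirm before restarting the IdP. -->
<util:map id="shibboleth.CustomViewContext">
  <entry key="OptionalAttributeFunction">
    <bean class="jp.gakunin.idp.consent.logic.impl.OptionalAttributeFunction" />
  </entry>
  <entry key="AttributeIntendedUseFunction">
    <bean class="jp.gakunin.idp.consent.logic.impl.AttributeIntendedUseFunction"
          p:defaultLanguages-ref="shibboleth.FallbackLanguages" />
  </entry>
</util:map>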
...
|
Modify the <constructor-arg name="strategy"> element of the bean named "shibboleth.AttributeFilterService" in $IDP_HOME$/system/conf/services-system.xml as shown below:
...
title | $IDP_HOME$/system/conf/services-system.xml |
---|
|
...
<!-- Reloadable attribute filter service. The nested "strategy" constructor argument is the
     part this page asks to change: it is set to the jp.gakunin AttributeFilterServiceStrategy,
     which is given the attribute registry service as its transcoder registry.
     failFast falls back to idp.service.failFast and then to false; reloadCheckDelay
     defaults to PT0S.
     NOTE(review): this file lives under system/, which IdP upgrades normally replace.
     Re-check this bean after every upgrade; if the stock strategy comes back, the
     uajpmf filter rules may no longer be applied as written. Verify on a test IdP. -->
<bean id="shibboleth.AttributeFilterService"
      class="net.shibboleth.ext.spring.service.ReloadableSpringService"
      depends-on="shibboleth.VelocityEngine"
      p:serviceConfigurations-ref="#{'%{idp.service.attribute.filter.resources:shibboleth.AttributeFilterResources}'.trim()}"
      p:failFast="%{idp.service.attribute.filter.failFast:%{idp.service.failFast:false}}"
      p:reloadCheckDelay="%{idp.service.attribute.filter.checkInterval:PT0S}"
      p:beanPostProcessors-ref="shibboleth.IdentifiableBeanPostProcessor"
      p:beanFactoryPostProcessors-ref="shibboleth.PropertySourcesPlaceholderConfigurer">
  <constructor-arg name="claz" value="net.shibboleth.idp.attribute.filter.AttributeFilter" />
  <constructor-arg name="strategy">
    <bean class="jp.gakunin.idp.attribute.filter.spring.impl.AttributeFilterServiceStrategy"
          depends-on="shibboleth.AttributeRegistryService"
          p:transcoderRegistry-ref="shibboleth.AttributeRegistryService"
          id="ShibbolethAttributeFilter"/>
  </constructor-arg>
</bean>
...
|
Modify the class definition of the bean named "IsConsentRequiredPredicate" in $IDP_HOME$/system/flows/intercept/attribute-release-beans.xml as shown below:
...
title | $IDP_HOME$/conf/global.xml |
---|
|
<!-- Use this file to define any custom beans needed globally. -->
<!-- JPA-backed storage service. It is built from the entity manager factory defined in
     this file; the cleanup interval comes from idp.storage.cleanupInterval and defaults
     to PT10M. -->
<bean id="shibboleth.JPAStorageService"
      class="org.opensaml.storage.impl.JPAStorageService"
      p:cleanupInterval="%{idp.storage.cleanupInterval:PT10M}"
      c:factory-ref="shibboleth.JPAStorageService.entityManagerFactory" />
<!-- Entity manager factory for the storage service: scans org.opensaml.storage.impl for
     entities, connects through shibboleth.MySQLDataSource and uses the Hibernate vendor
     adapter and dialect. -->
<bean id="shibboleth.JPAStorageService.entityManagerFactory"
      class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
  <property name="packagesToScan" value="org.opensaml.storage.impl" />
  <property name="dataSource" ref="shibboleth.MySQLDataSource" />
  <property name="jpaVendorAdapter" ref="shibboleth.JPAStorageService.JPAVendorAdapter" />
  <property name="jpaDialect">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaDialect" />
  </property>
</bean>
<!-- Hibernate JPA vendor adapter, set to the MYSQL database type. -->
<bean id="shibboleth.JPAStorageService.JPAVendorAdapter"
      class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"
      p:database="MYSQL" />
<!-- DBCP2 connection pool used by the storage service: at most 10 connections, 5 idle,
     a 15000 ms wait for a free connection, and a "select 1" check (5 second timeout) each
     time a connection is borrowed.
     NOTE(review): p:username and p:password are sample values stored in clear text. Set a
     unique password for the database account, grant that account rights on the
     shibboleth schema only, keep this file readable only by the account that runs the
     IdP, and keep it out of shared backups and version control.
     NOTE(review): the URL targets localhost and carries no TLS parameters. If the
     database is moved to another host, enable TLS on the connection.
     NOTE(review): com.mysql.jdbc.Driver is the legacy driver class name; newer MySQL
     Connector/J releases name it com.mysql.cj.jdbc.Driver. Match the installed driver. -->
<bean id="shibboleth.MySQLDataSource"
      class="org.apache.commons.dbcp2.BasicDataSource"
      p:driverClassName="com.mysql.jdbc.Driver"
      p:url="jdbc:mysql://localhost:3306/shibboleth"
      p:username="shibboleth"
      p:password="shibpassword"
      p:maxTotal="10"
      p:maxIdle="5"
      p:maxWaitMillis="15000"
      p:testOnBorrow="true"
      p:validationQuery="select 1"
      p:validationQueryTimeout="5" />
|
...
|
<!-- SP metadata sample: the service name and description appear twice, once as
     mdui:UIInfo under Extensions and once inside AttributeConsumingService.
     NOTE(review): these strings are supplied by the SP's metadata. If they are shown to
     users on the consent screen (presumably their purpose here), load metadata only from
     a source whose signature the IdP verifies. -->
<EntityDescriptor entityID="https://sp.example.org/shibboleth">
  <!-- ... -->
  <SPSSODescriptor>
    <Extensions>
      <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
        <mdui:DisplayName xml:lang="en">Example SP</mdui:DisplayName>
        <!-- Service names in other languages -->
        <mdui:Description xml:lang="en">Some description of Example SP</mdui:Description>
        <!-- Service descriptions in other languages -->
      </mdui:UIInfo>
    </Extensions>
    <!-- ... -->
    <AttributeConsumingService index="1">
      <ServiceName xml:lang="en">Example SP</ServiceName>
      <!-- Service names in other languages -->
      <ServiceDescription xml:lang="en">Some description of Example SP</ServiceDescription>
      <!-- Service descriptions in other languages -->
    </AttributeConsumingService>
    <!-- ... -->
  </SPSSODescriptor>
</EntityDescriptor>
|
...
- Add the attribute xmlns:uajpmf="http://www.gakunin.jp/ns/uapprove-jp/afp/mf" before the xmlns:xsi attribute on the root <AttributeFilterPolicyGroup> element.
- Append the following to the end of the whitespace-delimited list of values in the xsi:schemaLocation attribute:
http://www.gakunin.jp/ns/uapprove-jp/afp/mf http://www.gakunin.jp/schema/idp/gakunin-afp-mf-uapprovejp.xsd
Define the Rule
This rule is defined by the <PermitValueRule xsi:type="uajpmf:AttributeInMetadata">
element with the following optional attribute:
...
|
<!-- Case 1: compare mail, eduPersonPrincipalName and eduPersonAffiliation with what the
     SP's metadata requests.
     Attributes the metadata marks as required: all three are required information and
     are always released.
     Attributes the metadata marks as optional:
       * mail: required information, always released (onlyIfRequired="false").
       * eduPersonPrincipalName: optional information. It is shown with a checkbox in the
         attribute selection window and released only if the user ticks the checkbox
         (onlyIfRequired="false", onlyIfChecked="true").
       * eduPersonAffiliation: not released.
     An SP whose metadata has no <AttributeConsumingService> element receives none of
     these attributes.
     NOTE(review): basic:ANY makes this policy apply to every SP the IdP knows. -->
<AttributeFilterPolicy id="PolicyforSPwithAttributeConsumingService">
  <PolicyRequirementRule xsi:type="basic:ANY" />

  <AttributeRule attributeID="mail">
    <PermitValueRule xsi:type="uajpmf:AttributeInMetadata"
                     onlyIfRequired="false" />
  </AttributeRule>

  <AttributeRule attributeID="eduPersonPrincipalName">
    <PermitValueRule xsi:type="uajpmf:AttributeInMetadata"
                     onlyIfRequired="false"
                     onlyIfChecked="true" />
  </AttributeRule>

  <AttributeRule attributeID="eduPersonAffiliation">
    <PermitValueRule xsi:type="uajpmf:AttributeInMetadata" />
  </AttributeRule>
</AttributeFilterPolicy>
<!-- Case 2: the same rules, extended to SPs whose metadata has no
     <AttributeConsumingService> element.
     For such an SP:
       * mail: required information, always released (matchIfMetadataSilent="true").
       * eduPersonPrincipalName: optional information. It is shown with a checkbox in the
         attribute selection window and released only if the user ticks the checkbox.
       * eduPersonAffiliation: not released.
     For an SP that does have an <AttributeConsumingService> element the result is the
     same as in case 1.
     NOTE(review): basic:ANY makes this policy apply to every SP the IdP knows, so with
     matchIfMetadataSilent="true" mail goes to any SP whose metadata requests nothing.
     If that is broader than intended, narrow the PolicyRequirementRule to the SPs that
     should receive it. -->
<AttributeFilterPolicy id="PolicyforSPwithoutAttributeConsumingService">
  <PolicyRequirementRule xsi:type="basic:ANY" />

  <AttributeRule attributeID="mail">
    <PermitValueRule xsi:type="uajpmf:AttributeInMetadata"
                     matchIfMetadataSilent="true"
                     onlyIfRequired="false" />
  </AttributeRule>

  <AttributeRule attributeID="eduPersonPrincipalName">
    <PermitValueRule xsi:type="uajpmf:AttributeInMetadata"
                     matchIfMetadataSilent="true"
                     onlyIfRequired="false"
                     onlyIfChecked="true" />
  </AttributeRule>

  <AttributeRule attributeID="eduPersonAffiliation">
    <PermitValueRule xsi:type="uajpmf:AttributeInMetadata" />
  </AttributeRule>
</AttributeFilterPolicy>
...