...
Replace the variable $IDP_HOME$ with the correct path, e.g. /opt/shibboleth-idp (so that the whole value reads, for example, file:/opt/shibboleth-idp/conf/uApprove.properties).
Put the correct metadata of the IdP in place as referenced from $IDP_HOME$/conf/relying-party.xml, and edit $IDP_HOME$/conf/relying-party.xml so that it reads $IDP_HOME$/metadata/idp-metadata.xml:
...
...
In your attribute filter policy file you'll need to add the namespace declaration for this plugin. To do this:
- Add the attribute xmlns:uajpmf="http://www.gakunin.jp/ns/uapprove-jp/afp/mf" before the xmlns:xsi attribute on the root <AttributeFilterPolicyGroup> element.
- Add the following at the end of the whitespace-delimited list of values for the xsi:schemaLocation attribute: http://www.gakunin.jp/ns/uApprove-jp/afp/mf classpath:/schema/shibboleth-2.0-afp-mf-uApprovejp.xsd
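As an added example (not the page's own configuration), here is a minimal Shibboleth IdP 2.x attribute-filter.xml with the uApprove-jp namespace declared as described above and the uajpmf:AttributeInMetadata permit rule in use. Assumptions: the afp and basic namespaces and schema paths are the standard ones of the IdP 2.x distribution; the uajpmf namespace URI is written in the lowercase form the page uses in its xmlns declaration (the page spells it "uApprove-jp" in the schemaLocation value, so check the exact URI against the installed shibboleth-2.0-afp-mf-uApprovejp.xsd); the policy id, requester entityID and attribute ids are constructed sample values; the rule's optional attribute is left unset.

```xml
<!-- Added example, not the page's own configuration: attribute-filter.xml for
     Shibboleth IdP 2.x with the uApprove-jp attribute filter namespace declared.
     Assumptions: standard afp/basic namespaces and schema paths of the IdP 2.x
     distribution; uajpmf namespace URI taken from the page's xmlns declaration
     (lowercase "uapprove-jp"; verify against the installed .xsd); the policy id,
     requester entityID and attribute ids below are constructed sample values. -->
<afp:AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:uajpmf="http://www.gakunin.jp/ns/uapprove-jp/afp/mf"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
                        urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd
                        http://www.gakunin.jp/ns/uapprove-jp/afp/mf classpath:/schema/shibboleth-2.0-afp-mf-uApprovejp.xsd">

    <!-- Policy for a single SP (constructed entityID). Each attribute is permitted
         through the plugin's AttributeInMetadata rule, which ties the release
         decision to what the SP's own metadata declares, instead of basic:ANY. -->
    <afp:AttributeFilterPolicy id="releaseToExampleSP">
        <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
            value="https://sp.example.org/shibboleth" />

        <afp:AttributeRule attributeID="mail">
            <afp:PermitValueRule xsi:type="uajpmf:AttributeInMetadata" />
        </afp:AttributeRule>

        <afp:AttributeRule attributeID="eduPersonPrincipalName">
            <afp:PermitValueRule xsi:type="uajpmf:AttributeInMetadata" />
        </afp:AttributeRule>
    </afp:AttributeFilterPolicy>

</afp:AttributeFilterPolicyGroup>
```

The IdP validates this file against the schemas listed in xsi:schemaLocation at startup, so a namespace URI that does not match the plugin's schema shows up as a parse error in the IdP log rather than as silently ignored rules; check the log after the first restart.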
Define the Rule
This rule is defined by the <PermitValueRule xsi:type="uajpmf:AttributeInMetadata">
element with the following optional attribute:
...
You need to add the namespace definition for this plugin to the profile handler file (e.g. $IDP_HOME$/conf/handler.xml), like so:
- Add the xmlns:uajpph="http://www.gakunin.jp/ns/uapprove-jp/profile-handler" attribute before the xmlns:xsi attribute in the root element.
- Add the following to the list of xsi:schemaLocation attribute values: http://www.gakunin.jp/ns/uapprove-jp/profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler-uapprovejp.xsd
Code block:

```xml
...
<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
    xmlns:uajpph="http://www.gakunin.jp/ns/uapprove-jp/profile-handler"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
                        http://www.gakunin.jp/ns/uapprove-jp/profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler-uapprovejp.xsd">
...
```
...
You need to change the AttributeQuery profile handlers like so:
- Change the value of the xsi:type attribute from ph:SAML1AttributeQuery to uajpph:SAML1AttributeQueryUApprove.
- Change the value of the xsi:type attribute from ph:SAML2AttributeQuery to uajpph:SAML2AttributeQueryUApprove.
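As an added example (not the page's own configuration), the two AttributeQuery handler definitions in $IDP_HOME$/conf/handler.xml after the xsi:type change above. Assumptions: the ph and uajpph prefixes are declared on the ph:ProfileHandlerGroup root element as shown in the earlier code block; the binding URIs and request paths are the defaults shipped in the Shibboleth IdP 2.x handler.xml and should be verified against your own file; only the xsi:type value changes.

```xml
<!-- Added example, not the page's own configuration: the AttributeQuery handlers
     in handler.xml after switching them to the uApprove-jp handler types.
     Assumptions: ph/uajpph prefixes declared on ph:ProfileHandlerGroup; binding
     URIs and request paths are the IdP 2.x distribution defaults (verify locally). -->

<!-- before: xsi:type="ph:SAML1AttributeQuery" -->
<ph:ProfileHandler xsi:type="uajpph:SAML1AttributeQueryUApprove"
    inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
    <ph:RequestPath>/SAML1/SOAP/AttributeQuery</ph:RequestPath>
</ph:ProfileHandler>

<!-- before: xsi:type="ph:SAML2AttributeQuery" -->
<ph:ProfileHandler xsi:type="uajpph:SAML2AttributeQueryUApprove"
    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
    <ph:RequestPath>/SAML2/SOAP/AttributeQuery</ph:RequestPath>
</ph:ProfileHandler>
```

Keeping the bindings and request paths unchanged means the SOAP endpoints SPs already use keep working; a quick check after editing is `grep -n 'AttributeQuery' $IDP_HOME/conf/handler.xml`, which should list no remaining ph:SAML1AttributeQuery or ph:SAML2AttributeQuery xsi:type values.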
...
To notify users of the purpose for which the SP uses each attribute, either add a uajpmd:description attribute to the <RequestedAttribute> element, or add a <uajpmd:RequestedAttributeExtension> element inside the <Extensions> element of the <SPSSODescriptor> element.
...
This attribute is defined on the <RequestedAttribute> element:

uajpmd:description | A string describing the purpose for which the SP uses the attribute

Example of the <RequestedAttribute> element with uajpmd:description:
Code block:

```xml
<md:RequestedAttribute FriendlyName="mail"
    Name="urn:oid:0.9.2342.19200300.100.1.3"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
    uajpmd:description="The mail attribute is used as the initial value of the mail address field of the registration form."/>
```
...
The <uajpmd:Description> element describes the purpose for which the SP uses the attributes and is defined with the following attributes:

xml:lang | The language of the purpose description
...