...
2.1 IdPへの設定例
学認参加IdPへの設定例は以下のとおりです。(2017/9/20修正)
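<!-- ===== Add to attribute-resolver.xml ===== -->

<!--
  Issues the eduroam Federated ID "site-admin" entitlement to the listed accounts only.
  The uid read through the myLDAP dependency is compared with each SourceValue; a match
  yields the ReturnValue. There is no DefaultValue element, so any other uid yields no
  value at all. Keep it that way: a DefaultValue here would hand the entitlement to
  every user.

  NOTE(review): the listing this was taken from showed xsi:type="ad:SimpleMapped",
  sourceAttributeID="eduPersonEntitlementuid" and Dependency ref="mappedAffiliationmyLDAP".
  Those read as the pre-correction and post-correction values run together (the page is
  marked as corrected on 2017/9/20). A ValueMap is only valid inside a Mapped definition,
  and "uid" / "myLDAP" are the values the mappedAffiliation definition below uses, so
  those are used here. Confirm against the federation's current instructions.

  The xsi:, ad: and enc: prefixes are assumed to be declared on the root element of the
  existing attribute-resolver.xml.
-->
<AttributeDefinition xsi:type="ad:Mapped"
                     id="eduPersonEntitlementForEduroamFedID"
                     sourceAttributeID="uid">
  <Dependency ref="myLDAP" />
  <ValueMap>
    <ReturnValue>urn:mace:gakunin.jp:entitlement:federated-id.eduroam.jp:site-admin</ReturnValue>
    <!--
      ID1..ID3 appear to be placeholders: replace them with the uid of each person who
      should hold the site-admin entitlement, and nothing else. With the default
      partialMatch="false" each SourceValue is a regular expression that must match the
      whole uid, so escape regex metacharacters (for example ".") in real IDs and do not
      use wildcards here.
    -->
    <SourceValue>ID1</SourceValue>
    <SourceValue>ID2</SourceValue>
    <SourceValue>ID3</SourceValue>
  </ValueMap>
  <!--
    Sent on the wire under the standard eduPersonEntitlement names. The distinct id is
    what attribute-filter.xml refers to, so the release rule below covers this mapped
    value only.
  -->
  <AttributeEncoder xsi:type="enc:SAML1String"
                    name="urn:mace:dir:attribute-def:eduPersonEntitlement"
                    encodeType="false" />
  <AttributeEncoder xsi:type="enc:SAML2String"
                    name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
                    friendlyName="eduPersonEntitlement"
                    encodeType="false" />
</AttributeDefinition>

<!--
  NOTE(review): nothing in this listing references mappedAffiliation once the definition
  above reads uid directly. It has no AttributeEncoder and no filter rule, so the
  configuration shown here does not release it. It looks like a leftover of the
  pre-correction version; confirm whether it is still needed. If it is kept, its ID list
  has to be maintained together with the one above.
-->
<AttributeDefinition id="mappedAffiliation"
                     xsi:type="Mapped"
                     xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                     sourceAttributeID="uid">
  <Dependency ref="myLDAP" />
  <ValueMap>
    <ReturnValue>urn:mace:gakunin.jp:entitlement:federated-id.eduroam.jp:site-admin</ReturnValue>
    <SourceValue>ID1</SourceValue>
    <SourceValue>ID2</SourceValue>
    <SourceValue>ID3</SourceValue>
  </ValueMap>
</AttributeDefinition>

<!-- ===== Add to attribute-filter.xml ===== -->

<!--
  Policy for Eduroam FederatedID.
  The Requester rule limits this policy to the single SP entityID given in value, so
  these rules do not release anything to other SPs. basic:ANY permits every value the
  resolver produced for the attribute: for eduPersonEntitlementForEduroamFedID that is
  at most the site-admin URN from the ValueMap, while eduPersonTargetedID,
  organizationName and eduPersonAffiliation are released with all of their values.
  Those three definitions are assumed to exist already in attribute-resolver.xml, and
  the xsi: and basic: prefixes to be declared on the root element of attribute-filter.xml.
-->
<AttributeFilterPolicy id="PolicyforEduroamFederatedId">
  <PolicyRequirementRule xsi:type="Requester"
                         value="https://federated-id.eduroam.jp/shibboleth-sp" />
  <AttributeRule attributeID="eduPersonTargetedID">
    <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
  <AttributeRule attributeID="organizationName">
    <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
  <AttributeRule attributeID="eduPersonAffiliation">
    <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
  <!-- Must match the AttributeDefinition id in attribute-resolver.xml, not the SAML attribute name. -->
  <AttributeRule attributeID="eduPersonEntitlementForEduroamFedID">
    <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
</AttributeFilterPolicy>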
...