In Shibboleth IdP, static attributes can be set as user attributes. They can be used in situations when you want to give all users the same attribute and its value. 

eduPersonAssurance-attribute

New eduPersonAssurance -attributes  

values ​​can basically be set the same for all users. The set values ​​only indicate Haka's policies and do not change the operation.

Shibboleth IdP's attribute-resolver.xml file creates static values ​​that are set for all users.

In the example, a new attribute is created, the id of which is eduPersonAssurance, and the example should be applied to suit your own environment. In the definition of the attribute, the eduPersonAssurance values ​​are read from the DataConnector named staticAttributes. The example uses the Attribute Registry function of Shibboleth IdP4, where the attribute's SAML2 settings are given in the conf/attributes/eduPerson.xml file. If you use IdP3's attribute-resolver.xml file as a basis, set the necessary SAML2 encoder in the AttributeDefinition, which defines e.g. attribute urn:oid as in other attributes.

The values ​​in the example describe the basic situation in Haka, when Haka's current practices are followed.

attribute-resolver.xml
<AttributeDefinition xsi:type="Simple" id="eduPersonAssurance">
	<InputDataConnector ref="staticAttributes" allAttributes="true" />
</AttributeDefinition>


<DataConnector id="staticAttributes" xsi:type="Static">
	<Attribute id="eduPersonAssurance">
		<Value>https://refeds.org/assurance/ID/eppn-unique-no-reassign</Value>
		<Value>https://refeds.org/assurance/ATP/ePA-1m</Value>
		<Value>https://refeds.org/assurance/IAP/medium</Value>
		<Value>https://refeds.org/assurance/IAP/low</Value>
		<Value>https://refeds.org/assurance</Value>
		<Value>https://refeds.org/assurance/profile/cappuccino</Value>
	</Attribute>
</DataConnector>

For more information on the Shibboleth Wiki:


Ja Refeds Assurance Framework:

  • No labels