Differences

This shows you the differences between two versions of the page.

--- docpublic:systemes:shibboleth:idpv2 [2010/01/03 11:38]
PROCACCIA
+++ docpublic:systemes:shibboleth:idpv2 [2010/05/11 20:20] (current)
PROCACCIA
@@ Line 22: / Line 22: @@
 ==== Java ====
+un JDK , sun de préférence:
 <code>
@@ Line 49: / Line 51: @@
 ==== Tomcat ====
+un serveur d'application java, ici tomcat:
 <code>
@@ Line 843: / Line 847: @@
+=== Construction d'attributs ===
+== Mapped ==
+Si l'annuaire n'est pas encore compatible supann/eduperson , on peux creer des attribut compatibles (ici eduPersonAffiliation) sur la base d'attributs pre-existants (ici employeeType) .
+Exemple
+<code>
+<!-- https://spaces.internet2.edu/display/SHIB2/ResolverMappedAttributeDefinition -->
+<resolver:AttributeDefinition xsi:type="Mapped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+                             id="eduPersonAffiliation"
+                             sourceAttributeID="employeeType">
+   <resolver:Dependency ref="myLDAP" />
+       <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
+           name="urn:mace:dir:attribute-def:eduPersonAffiliation" />
+       <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
+           name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" friendlyName="eduPersonAffiliation" />
+    <!-- default to the generic value 'affiliate' -->
+    <DefaultValue>affiliate</DefaultValue>
+    <!-- map internal values like 'student-worker' and 'undergraduate' to 'student' -->
+    <ValueMap>
+        <ReturnValue>employee</ReturnValue>
+        <!--<SourceValue ignoreCase="true">CN=.*,ou=permanents,dc=people,dc=mysite,dc=fr</SourceValue> -->
+        <SourceValue ignoreCase="true">permanent</SourceValue>
+    </ValueMap>
+       <!-- map your internal 'Institut' value to 'invite' -->
+    <ValueMap>
+        <ReturnValue>invite</ReturnValue>
+        <SourceValue>Institut</SourceValue>
+    </ValueMap>
+       <!-- map your internal 'CDD' value to 'member' -->
+    <ValueMap>
+        <ReturnValue>member</ReturnValue>
+        <SourceValue>CDD</SourceValue>
+    </ValueMap>
+       <!-- map your internal 'Doctorant' value to 'member' -->
+    <ValueMap>
+        <ReturnValue>member</ReturnValue>
+        <SourceValue>Doctorant</SourceValue>
+    </ValueMap>
+</resolver:AttributeDefinition>
+</code>
+== Expression reguliere ==
+construction d'un attribut sur la base d'une dn de branche ldap => split REgex :
+<code>
+<!-- https://spaces.internet2.edu/display/SHIB2/ResolverRegexSplitAttributeDefinition -->
+<resolver:AttributeDefinition xsi:type="RegexSplit" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+                              id="employeeType"
+                              sourceAttributeID="distinguishedName"
+                              regex=".*,OU=([^,]*),DC=people,DC=mysite,DC=fr">
+        <resolver:Dependency ref="tl1AD" />
+     <!-- Remaining configuration from the next step goes here -->
+        <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
+            name="urn:mace:dir:attribute-def:employeeType" />
+        <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
+            name="urn:oid:2.16.840.1.113730.3.1.4" friendlyName="employeeType" />
+</resolver:AttributeDefinition>
+</code>
 ===== Test de l'IDP =====

docpublic/systemes/shibboleth/idpv2.1262518706.txt.gz · Last modified: 2010/01/03 11:38 by PROCACCIA

Show page Old revisions

[unknown link type]Back to top