[[IdP-ShibV2]]
Trace: Idpv3x-c8 IDP v4 as proxy
Show pageOld revisions
AdminRecent ChangesSitemap

* ancien site

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
docpublic:systemes:shibboleth:idpv2 [2010/01/03 11:38]
PROCACCIA 		docpublic:systemes:shibboleth:idpv2 [2010/05/11 20:20] (current)
PROCACCIA
Line 51: Line 51:
  
 ==== Tomcat ==== ==== Tomcat ====
 +
 +un serveur d'application java, ici tomcat:
  
 <code> <code>
Line 845: Line 847:
  
  
 +=== Construction d'attributs ===
  
 +== Mapped ==
 +
 +Si l'annuaire n'est pas encore compatible supann/eduperson , on peux creer des attribut compatibles (ici eduPersonAffiliation) sur la base d'attributs pre-existants (ici employeeType) .
 +Exemple
 +
 +<code>
 +<!-- https://spaces.internet2.edu/display/SHIB2/ResolverMappedAttributeDefinition -->
 +<resolver:AttributeDefinition xsi:type="Mapped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
 +                             id="eduPersonAffiliation"
 +                             sourceAttributeID="employeeType">
 +   <resolver:Dependency ref="myLDAP" />
 +       <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
 +           name="urn:mace:dir:attribute-def:eduPersonAffiliation" />
 +       <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
 +           name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" friendlyName="eduPersonAffiliation" />
 +    <!-- default to the generic value 'affiliate' -->
 +    <DefaultValue>affiliate</DefaultValue>
 +    <!-- map internal values like 'student-worker' and 'undergraduate' to 'student' -->
 +    <ValueMap>
 +        <ReturnValue>employee</ReturnValue>
 +        <!--<SourceValue ignoreCase="true">CN=.*,ou=permanents,dc=people,dc=mysite,dc=fr</SourceValue> -->
 +        <SourceValue ignoreCase="true">permanent</SourceValue>
 +    </ValueMap>
 +       <!-- map your internal 'Institut' value to 'invite' -->
 +    <ValueMap>
 +        <ReturnValue>invite</ReturnValue>
 +        <SourceValue>Institut</SourceValue>
 +    </ValueMap>
 +       <!-- map your internal 'CDD' value to 'member' -->
 +    <ValueMap>
 +        <ReturnValue>member</ReturnValue>
 +        <SourceValue>CDD</SourceValue>
 +    </ValueMap>
 +       <!-- map your internal 'Doctorant' value to 'member' -->
 +    <ValueMap>
 +        <ReturnValue>member</ReturnValue>
 +        <SourceValue>Doctorant</SourceValue>
 +    </ValueMap>
 +</resolver:AttributeDefinition> 
 +</code>
 +
 +
 +== Expression reguliere ==
 +
 +construction d'un attribut sur la base d'une dn de branche ldap => split REgex :
 +
 +<code>
 +<!-- https://spaces.internet2.edu/display/SHIB2/ResolverRegexSplitAttributeDefinition -->
 +<resolver:AttributeDefinition xsi:type="RegexSplit" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
 +                              id="employeeType"
 +                              sourceAttributeID="distinguishedName"
 +                              regex=".*,OU=([^,]*),DC=people,DC=mysite,DC=fr">
 +        <resolver:Dependency ref="tl1AD" />
 +     <!-- Remaining configuration from the next step goes here -->
 +        <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
 +            name="urn:mace:dir:attribute-def:employeeType" />
 +        <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
 +            name="urn:oid:2.16.840.1.113730.3.1.4" friendlyName="employeeType" />
 +</resolver:AttributeDefinition>
 +</code>
  
 ===== Test de l'IDP ===== ===== Test de l'IDP =====
docpublic/systemes/shibboleth/idpv2.1262518721.txt.gz · Last modified: 2010/01/03 11:38 by PROCACCIA
Show pageOld revisions
[unknown link type]Back to top
CC Attribution-Noncommercial-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0