...
- TCS Personal Certs
- Service Categories: REFEDS R&S
Creating the attribute with Shibboleth IDP v3
If you already support persistent NameIDs, you can reuse parts of that configuration to create eduPersonUniqueId attributes. The example below takes the attribute configured in /opt/shibboleth-idp/conf/saml-nameid.properties (idp.persistentId.sourceAttribute) as source data, appends the salt configured in the same file (idp.persistentId.salt), and generates an MD5 hash of the combined string:
```xml
<AttributeDefinition id="eduPersonUniqueId" xsi:type="ScriptedAttribute">
    <!-- Data connector that supplies the source attribute -->
    <Dependency ref="myLDAP" />
    <Script><![CDATA[
        var scopedValue = Java.type("net.shibboleth.idp.attribute.ScopedStringAttributeValue");
        var digestUtils = Java.type("org.apache.commons.codec.digest.DigestUtils");
        // MD5 hex digest of the first source attribute value followed by the persistent ID salt
        var idSaltHash = digestUtils.md5Hex(
            %{idp.persistentId.sourceAttribute}.getValues().get(0) + "%{idp.persistentId.salt}");
        // Release the hash as a scoped value using the IdP scope
        eduPersonUniqueId.addValue(new scopedValue(idSaltHash, "%{idp.scope}"));
    ]]></Script>
    <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" encodeType="false" />
    <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" friendlyName="eduPersonUniqueId" encodeType="false" />
</AttributeDefinition>
```
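The derivation above can be reproduced outside the IdP to check a value an SP actually received. The following Node.js script is an added example, not part of the original page or of Shibboleth; the function names, the sample properties, the user `jdoe` and the scope `example.org` are constructed for illustration, and the scoped value is assumed to be encoded as `hash@scope`.

```javascript
const crypto = require("node:crypto");

// Constructed sample of saml-nameid.properties (values are placeholders).
const SAMPLE_PROPERTIES = `
# persistent NameID settings reused by the attribute definition
idp.persistentId.sourceAttribute = uid
idp.persistentId.salt = constructed-salt-value
`;

// Minimal .properties reader: "key = value" / "key: value", # and ! comments.
// Line continuations and escapes are not handled.
function parseProperties(text) {
  const props = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#") || line.startsWith("!")) continue;
    const m = line.match(/^([^=:\s]+)\s*[=:]?\s*(.*)$/);
    if (m) props[m[1]] = m[2];
  }
  return props;
}

// Mirrors the script: md5Hex(sourceValue + salt), then scoped with "@".
function expectedUniqueId(sourceValue, props, scope) {
  const salt = props["idp.persistentId.salt"];
  if (!salt) throw new Error("idp.persistentId.salt is not set");
  if (!sourceValue) throw new Error("source attribute has no value");
  const hash = crypto.createHash("md5").update(sourceValue + salt, "utf8").digest("hex");
  return hash + "@" + scope;
}

// Returns a list of problems with a released value; an empty list means it checks out.
function checkReleased(released, sourceValue, props, scope) {
  const problems = [];
  const at = released.lastIndexOf("@");
  const unique = at < 0 ? released : released.slice(0, at);
  if (at < 0) problems.push("missing scope");
  else if (released.slice(at + 1) !== scope) problems.push("unexpected scope");
  // eduPerson: the unique part is alphanumeric, at most 64 characters.
  if (!/^[A-Za-z0-9]{1,64}$/.test(unique)) problems.push("invalid uniqueID part");
  if (released !== expectedUniqueId(sourceValue, props, scope)) problems.push("hash mismatch");
  return problems;
}

const props = parseProperties(SAMPLE_PROPERTIES);
const value = expectedUniqueId("jdoe", props, "example.org");
console.log(value, checkReleased(value, "jdoe", props, "example.org"));
```

An empty or missing salt is rejected here on purpose: without it, the value is a plain MD5 of the source attribute.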