Page History
...
The attribute resolver contains two kinds of configuration items: DataConnector
s, which supply input data from data sources as the LDAP or Database servers described above, and AttributeDefintion
s, which transform the individual data elements (e.g. name, email address) retrieved from those DataConnectors. For the proper on-the-wire representation as SAML attributes (or for other protocols) the IDP comes with a default set of transcoding rules referenced in /opt/shibboleth-idp/conf/attributes/default-rules.xml
. (Deployers of earlier versions of the software will notice how short and clean AttributeDefinitions can be, and the "missing" DisplayName and AttributeEncoder elements can all be found in the referenced transcoding rules, e.g. conf/attributes/inetOrgPerson.xml
, conf/attributes/eduPerson.xml
and so on.)
...
title | Preparation for missing SCHAC transcoding rules |
---|
Since IDPv4 currently does not come with transcoding rules for SCHAC Attributes we're adding those from a configuration snipped curated by our friends at DFN:
Download the referenced XML file to /opt/shibboleth-idp/conf/attributes/schac.xml
:
No Format |
---|
curl -sSo /opt/shibboleth-idp/conf/attributes/schac.xml https://download.aai.dfn.de/schema/dfnMisc.xml |
and then add an import for it to /opt/shibboleth-idp/conf/attributes/default-rules.xml
, after the other import elements:
Code Block | ||
---|---|---|
| ||
<import resource="schac.xml" /> |
...
Table of Contents | ||
---|---|---|
|
...