Comment: update syntax for IDPv5

...

The eduPerson specification has defined the generic attribute eduPersonEntitlement to communicate entitlements, permissions or rights between entities. For the specific case of library services MACE-Dir has then defined a standard eduPersonEntitlement attribute value (see below for details). This is the only attribute (other than maybe a unique identifier) library services will generally need, as such no more data should be sent from the Identity Provider:

...

Define the attribute

See our IDP 3 4 Attribute resolution documentation for a simple example of how to generate and assign the common-lib-terms entitlement based on eduPersonAffiliation values.

...

titleRelease eduPersonEntitlement by enumerating SPs
<AttributeFilterPolicy id="CommonLibTerms">
    <PolicyRequirementRule xsi:type="OR">
        <Rule xsi:type="Requester" value="https://test-sp.aco.net/shibboleth" />
        <Rule xsi:type="Requester" value="https://ieeexplore.ieee.org/shibboleth-sp" />
        <Rule xsi:type="Requester" value="http://shibboleth.ebscohost.com" />
        <Rule xsi:type="Requester" value="https://sp.tshhosting.com/shibboleth" />
        <Rule xsi:type="Requester" value="https://www.content-select.com/simplesaml/module.php/saml/sp/metadata.php/preselect.media-sp" />
        <Rule xsi:type="Requester" value="https://sdauth.sciencedirect.com/" />
        <Rule xsi:type="Requester" value="https://www.tandfonline.com/shibboleth" />
        <Rule xsi:type="Requester" value="https://fsso.springer.com" />
        <Rule xsi:type="Requester" value="https://secure.nature.com/shibboleth" />
        <Rule xsi:type="Requester" value="https://shibboleth.genios.de/shibboleth" />
        <Rule xsi:type="Requester" value="https://shibboleth-faz.genios.de/shibboleth" /> 
        <Rule xsi:type="Requester" value="https://shibboleth.statista.com" />
        <Rule xsi:type="Requester" value="https://www.hanser-elibrary.com/shibboleth" />
        <Rule xsi:type="Requester" value="https://shibboleth.ovid.com/entity" />
        <Rule xsi:type="Requester" value="https://prd.thieme.de/shibboleth-sp" />
        <Rule xsi:type="Requester" value="https://www.beck-elibrary.de/Shibboleth.sso" />
        <Rule xsi:type="Requester" value="https://www.nomos-elibrary.de/Shibboleth.sso" />
        <Rule xsi:type="Requester" value="https://iam.atypon.com/shibboleth" />
        <Rule xsi:type="Requester" value="https://portal.zedhia.at/saml" />
        <Rule xsi:type="Requester" value="https://sp.eblib.com/shibboleth" />
        <Rule xsi:type="Requester" value="https://login.intelliconnect.inta.cch.com/" />
        <Rule xsi:type="Requester" value="https://shibbolethsp.jstor.org/shibboleth" />
        <Rule xsi:type="Requester" value="https://shibboleth-sp.prod.proquest.com/shibboleth" />
        <Rule xsi:type="Requester" value="https://elibrary.verlagoesterreich.at" />
    </PolicyRequirementRule>
    <AttributeRule attributeID="eduPersonEntitlement">
        <PermitValueRule xsi:type="Value" value="urn:mace:dir:entitlement:common-lib-terms" />
    </AttributeRule>
</AttributeFilterPolicy>

...

titleRelease eduPersonScopedAffiliation by enumerating SPs that don't support entitlements
<AttributeFilterPolicy id="LibrarySPsScopedAffiliation">
    <PolicyRequirementRule xsi:type="OR">
        <Rule xsi:type="Requester" value="https://shibboleth.cambridge.org/shibboleth-sp" />
        <Rule xsi:type="Requester" value="https://shibboleth.highwire.org/entity/secure-sp" />
        <Rule xsi:type="Requester" value="https://secure.nature.com/shibboleth" />
        <Rule xsi:type="Requester" value="https://ticket.iop.org/shibboleth" />
        <Rule xsi:type="Requester" value="https://shib.rsc.org/shibboleth" />
        <Rule xsi:type="Requester" value="https://sp.emerald.com/sp" />
        <Rule xsi:type="Requester" value="https://cas.manz.at/shibboleth" />
        <Rule xsi:type="Requester" value="https://lindedigital.at/shibboleth" />
        <Rule xsi:type="Requester" value="https://shib.lexisnexis.com" />
        <Rule xsi:type="Requester" value="https://signin.lexisnexis.com/lnaccess/fed/authn" />
        <Rule xsi:type="Requester" value="https://www.utb-studi-e-book.de/websso/metadata" />
        <Rule xsi:type="Requester" value="https://elibrary.hogrefe.de" />
        <Rule xsi:type="Requester" value="https://sp.ebrary.com/shibboleth" />
    </PolicyRequirementRule>
    <AttributeRule attributeID="eduPersonScopedAffiliation">
        <PermitValueRule xsi:type="OR">
            <Rule xsi:type="Value" value="student"  ignoreCasecaseSensitive="truefalse" />
            <Rule xsi:type="Value" value="staff"    ignoreCasecaseSensitive="truefalse" />
            <Rule xsi:type="Value" value="faculty"  ignoreCasecaseSensitive="truefalse" />
            <Rule xsi:type="Value" value="employee" ignoreCasecaseSensitive="truefalse" />
            <Rule xsi:type="Value" value="member"   ignoreCasecaseSensitive="truefalse" />
            <Rule xsi:type="Value" value="library-walk-in" ignoreCasecaseSensitive="truefalse" />
        </PermitValueRule>
    </AttributeRule>
</AttributeFilterPolicy>
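Review bot: `https://secure.nature.com/shibboleth` is listed in this policy, whose title covers SPs that don't support entitlements, yet the same entityID also appears in the `CommonLibTerms` policy above, so as written that SP receives both `eduPersonEntitlement` and `eduPersonScopedAffiliation`. The page's own guidance is that library services generally need only the entitlement and that no more data should be sent, so one of the two entries looks redundant. If the SP accepts `common-lib-terms`, drop its `Requester` rule here; if the double listing is deliberate, record why with a comment such as `<!-- also in CommonLibTerms: SP still needs affiliation, remove once entitlement-only -->`. Whether the SP actually consumes the entitlement is not visible from this page, so confirm against the SP's documentation before changing either list.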

...