ACOnet Identity Federation

ACOnet Identity Federation

eduID
eduroam
Contact

Content

Page tree

Versions Compared

Old Version 43

changes.mady.by.user Peter Schober

Saved on

compared with

New Version Current

changes.mady.by.user Peter Schober

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: rm SAML1 def for subject-id

...

Code Block
languagexml
titleSubjectID, re-using the definitions for persistendIds
<AttributeDefinition id="subjectHash" xsi:type="ScriptedAttribute" dependencyOnly="true">
    <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}" />
    <Script><![CDATA[
      var digestUtils = Java.type("org.apache.commons.codec.digest.DigestUtils");
      var saltedHash  = digestUtils.sha256Hex(%{idp.persistentId.sourceAttribute}.getValues().get(0) + "%{idp.persistentId.salt}");
      subjectHash.addValue(saltedHash);
    ]]></Script>
</AttributeDefinition>

<AttributeDefinition id="subject-id" xsi:type="Scoped" scope="%{idp.scope}">
    <InputAttributeDefinition ref="subjectHash" />
    <DisplayName xml:lang="de">Opake Benutzerkennung</DisplayName>
    <DisplayName xml:lang="en">Opaque user identifier</DisplayName>
    <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:oasis:names:tc:SAML:attribute:subject-id" encodeType="false" />
    <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oasis:names:tc:SAML:attribute:subject-id" friendlyName="subject-id" encodeType="false" />
</AttributeDefinition>

...