Rearange template files. Start on templating

author: Markus Krogh <markus@nordu.net> 2017-10-02 14:20:48 +0200
committer: Markus Krogh <markus@nordu.net> 2017-10-02 14:20:48 +0200
commit: aab254a9894c8d04679e7aeffcab22f35eeadf7d (patch)
tree: 5462a2124adf3d4de99b107835b53ea3fd53d172 /idp/template-config/attribute-resolver.xml
parent: 818063992c86ac7e6f6b085e6d97886a23af5512 (diff)
1 files changed, 0 insertions, 223 deletions
diff --git a/idp/template-config/attribute-resolver.xml b/idp/template-config/attribute-resolver.xml
deleted file mode 100644
index 92fb1bb..0000000
--- a/idp/template-config/attribute-resolver.xml
+++ /dev/null
@@ -1,223 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-    This file is an EXAMPLE configuration file. While the configuration
-    presented in this example file is semi-functional, it isn't very
-    interesting. It is here only as a starting point for your deployment
-    process.
-
-    Very few attribute definitions and data connectors are demonstrated,
-    and the data is derived statically from the logged-in username and a
-    static example connector.
-
-    Attribute-resolver-full.xml contains more examples of attributes,
-    encoders, and data connectors. Deployers should refer to the Shibboleth
-    documentation for a complete list of components and their options.
-
-    NOTE: This file is from the Nordunet template-config
-
--->
-<AttributeResolver
-  xmlns="urn:mace:shibboleth:2.0:resolver"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
-
-
-  <!-- ========================================== -->
-  <!--      Attribute Definitions                 -->
-  <!-- ========================================== -->
-
-  <!--
-    The EPPN is the "standard" federated username in higher ed.
-    For guidelines on the implementation of this attribute, refer
-    to the Shibboleth and eduPerson documentation. Above all, do
-    not expose a value for this attribute without considering the
-    long term implications.
-    -->
-    <!--
-    The uid is the closest thing to a "standard" LDAP attribute
-    representing a local username, but you should generally *never*
-    expose uid to federated services, as it is rarely globally unique.
-    -->
-    <AttributeDefinition id="uid" xsi:type="Simple" sourceAttributeID="uid">
-      <Dependency ref="myLDAP" />
-      <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" />
-      <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" />
-    </AttributeDefinition>
-
-    <!--
-    In the rest of the world, the email address is the standard identifier,
-    despite the problems with that practice. Consider making the EPPN value
-    the same as your official email addresses whenever possible.
-    -->
-    <AttributeDefinition id="mail" xsi:type="Simple" sourceAttributeID="mail">
-      <Dependency ref="myLDAP" />
-      <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" />
-      <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" />
-    </AttributeDefinition>
-
-    <AttributeDefinition id="email" xsi:type="Simple" sourceAttributeID="mail">
-      <Dependency ref="myLDAP" />
-      <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" />
-      <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" />
-    </AttributeDefinition>
-
-    <AttributeDefinition id="commonName" xsi:type="Simple" sourceAttributeID="cn">
-      <Dependency ref="myLDAP" />
-      <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:cn" />
-      <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.3" friendlyName="cn" />
-    </AttributeDefinition>
-
-    <AttributeDefinition id="displayName" xsi:type="Simple" sourceAttributeID="cn"><!-- yes for ndn ldap this is correct -->
-      <Dependency ref="myLDAP" />
-      <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:displayName" />
-      <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" />
-    </AttributeDefinition>
-
-    <AttributeDefinition id="surname" xsi:type="Simple" sourceAttributeID="sn">
-      <Dependency ref="myLDAP" />
-      <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:sn" />
-      <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" />
-    </AttributeDefinition>
-
-    <AttributeDefinition id="organizationName" xsi:type="Simple" sourceAttributeID="o">
-      <Dependency ref="staticAttributes" />
-      <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:o" />
-      <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.10" friendlyName="o" />
-    </AttributeDefinition>
-
-    <AttributeDefinition id="givenName" xsi:type="Simple" sourceAttributeID="givenName">
-      <Dependency ref="myLDAP" />
-      <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:givenName" />
-      <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" />
-    </AttributeDefinition>
-
-    <!-- Schema: inetOrgPerson attributes-->
-    <AttributeDefinition id="employeeType" xsi:type="Simple" sourceAttributeID="employeeType">
-      <Dependency ref="myLDAP" />
-      <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeType" />
-      <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.4" friendlyName="employeeType" />
-    </AttributeDefinition>
-
-    <!-- Schema: eduPerson attributes -->
-
-    <AttributeDefinition id="mappedEduPersonEntitlement" xsi:type="Mapped" sourceAttributeID="memberOf" dependencyOnly="true">
-      <Dependency ref="myLDAPGROUPS" />
-      <ValueMap>
-        <ReturnValue>urn:x-ldapgroup:ndn-sysadmin</ReturnValue>
-        <SourceValue>cn=ndn-sysadmin,ou=groups,dc=nordu,dc=net</SourceValue>
-      </ValueMap>
-      <ValueMap>
-        <ReturnValue>urn:x-ldapgroup:ndn-netadmin</ReturnValue>
-        <SourceValue>cn=ndn-netadmin,ou=groups,dc=nordu,dc=net</SourceValue>
-      </ValueMap>
-      <ValueMap>
-        <ReturnValue>urn:x-ldapgroup:ndn-secadmin</ReturnValue>
-        <SourceValue>cn=ndn-secadmin,ou=groups,dc=nordu,dc=net</SourceValue>
-      </ValueMap>
-    </AttributeDefinition>
-
-    <AttributeDefinition id="eduPersonEntitlement" xsi:type="Simple" sourceAttributeID="staticeduPersonEntitlement">
-      <Dependency ref="mappedEduPersonEntitlement" />
-      <Dependency ref="staticAttributes" />
-      <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" />
-      <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" />
-    </AttributeDefinition>
-
-    <AttributeDefinition id="eduPersonPrimaryAffiliation" xsi:type="Simple" sourceAttributeID="eduPersonPrimaryAffiliation">
-      <Dependency ref="myLDAP" />
-      <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" />
-      <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" friendlyName="eduPersonPrimaryAffiliation" />
-    </AttributeDefinition>
-
-    <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="uid"><!-- In ndn it is uid+scope -->
-      <Dependency ref="myLDAP" />
-      <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" />
-      <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" />
-    </AttributeDefinition>
-
-    <AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="employeeType">
-      <Dependency ref="myLDAP" />
-      <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" />
-      <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" />
-    </AttributeDefinition>
-
-<!-- from swamid installer -->
-  <AttributeDefinition id="norEduOrgAcronym" xsi:type="Simple" sourceAttributeID="norEduOrgAcronym">
-    <Dependency ref="staticAttributes" />
-    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:norEduOrgAcronym" />
-    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.2428.90.1.6" friendlyName="norEduOrgAcronym" />
-  </AttributeDefinition>
-
-  <AttributeDefinition id="schacHomeOrganization" xsi:type="Simple" sourceAttributeID="schacHomeOrganization">
-    <Dependency ref="staticAttributes" />
-    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:schacHomeOrganization" />
-    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.25178.1.2.9" friendlyName="schacHomeOrganization" />
-  </AttributeDefinition>
-
-  <AttributeDefinition id="schacHomeOrganizationType" xsi:type="Simple" sourceAttributeID="schacHomeOrganizationType">
-    <Dependency ref="staticAttributes" />
-    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:schacHomeOrganization" />
-    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.25178.1.2.9" friendlyName="schacHomeOrganization" />
-  </AttributeDefinition>
-
-  <!-- If we want to use google apps at some point we need: friendlyCountryName, countryName and principal -->
-
-
-
-  <!-- ========================================== -->
-  <!--      Data Connectors                       -->
-  <!-- ========================================== -->
-
-  <!--
-    Example LDAP Connector
-
-    The connectivity details can be specified in ldap.properties to
-    share them with your authentication settings if desired.
-    -->
-    <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
-      ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
-      baseDN="%{idp.attribute.resolver.LDAP.baseDN}">
-      <FilterTemplate>
-        <![CDATA[
-        %{idp.attribute.resolver.LDAP.searchFilter}
-        ]]>
-      </FilterTemplate>
-    </DataConnector>
-    <DataConnector id="myLDAPGROUPS" xsi:type="LDAPDirectory"
-      ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
-      baseDN="%{idp.attribute.resolver.LDAP.baseDN}">
-      <FilterTemplate>
-        <![CDATA[
-        %{idp.attribute.resolver.LDAP.searchFilter}
-        ]]>
-      </FilterTemplate>
-      <ReturnAttributes>memberOf</ReturnAttributes>
-    </DataConnector>
-
-    <DataConnector id="staticAttributes" xsi:type="Static">
-      <Attribute id="o">
-        <Value>NORDUnet A/S</Value>
-      </Attribute>
-      <Attribute id="schacHomeOrganization">
-        <Value>nordu.net</Value>
-      </Attribute>
-      <Attribute id="schacHomeOrganizationType">
-        <Value>urn:schac:homeOrganizationType:int:NREN</Value>
-      </Attribute>
-      <Attribute id="norEduOrgAcronym">
-        <Value>NORDUNet</Value>
-      </Attribute>
-      <Attribute id="staticeduPersonEntitlement">
-        <Value>urn:mace:dir:entitlement:common-lib-terms</Value>
-        <Value>urn:mace:terena.org:tcs:escience-user</Value>
-        <Value>urn:mace:terena.org:tcs:personal-user</Value>
-        <Value>urn:mace:rediris.es:entitlement:wiki:tfemc2</Value>
-        <Value>urn:mace:swami.se:gmai:sunet-baas:admin</Value>
-        <Value>urn:mace:swami.se:gmai:sunet-iaas:admin</Value>
-        <Value>urn:mace:swami.se:gmai:sunet-iaas:user</Value>
-      </Attribute>
-    </DataConnector>
-
-  <!-- eduPersonTargetdID placeholder -->
-
-</AttributeResolver>
author	Markus Krogh <markus@nordu.net>	2017-10-02 14:20:48 +0200
committer	Markus Krogh <markus@nordu.net>	2017-10-02 14:20:48 +0200
commit	aab254a9894c8d04679e7aeffcab22f35eeadf7d (patch)
tree	5462a2124adf3d4de99b107835b53ea3fd53d172 /idp/template-config/attribute-resolver.xml
parent	818063992c86ac7e6f6b085e6d97886a23af5512 (diff)