Diffstat (limited to 'idp/template-config/attribute-resolver.xml')
| -rw-r--r-- | idp/template-config/attribute-resolver.xml | 223 |
1 files changed, 0 insertions, 223 deletions
diff --git a/idp/template-config/attribute-resolver.xml b/idp/template-config/attribute-resolver.xml
deleted file mode 100644
index 92fb1bb..0000000
--- a/idp/template-config/attribute-resolver.xml
+++ /dev/null
@@ -1,223 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - This file is an EXAMPLE configuration file. While the configuration - presented in this example file is semi-functional, it isn't very - interesting. It is here only as a starting point for your deployment - process. - - Very few attribute definitions and data connectors are demonstrated, - and the data is derived statically from the logged-in username and a - static example connector. - - Attribute-resolver-full.xml contains more examples of attributes, - encoders, and data connectors. Deployers should refer to the Shibboleth - documentation for a complete list of components and their options. - - NOTE: This file is from the Nordunet template-config - ---> -<AttributeResolver - xmlns="urn:mace:shibboleth:2.0:resolver" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd"> - - - <!-- ========================================== --> - <!-- Attribute Definitions --> - <!-- ========================================== --> - - <!-- - The EPPN is the "standard" federated username in higher ed. - For guidelines on the implementation of this attribute, refer - to the Shibboleth and eduPerson documentation. Above all, do - not expose a value for this attribute without considering the - long term implications. - --> - <!-- - The uid is the closest thing to a "standard" LDAP attribute - representing a local username, but you should generally *never* - expose uid to federated services, as it is rarely globally unique. 
- --> - <AttributeDefinition id="uid" xsi:type="Simple" sourceAttributeID="uid"> - <Dependency ref="myLDAP" /> - <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" /> - <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" /> - </AttributeDefinition> - - <!-- - In the rest of the world, the email address is the standard identifier, - despite the problems with that practice. Consider making the EPPN value - the same as your official email addresses whenever possible. - --> - <AttributeDefinition id="mail" xsi:type="Simple" sourceAttributeID="mail"> - <Dependency ref="myLDAP" /> - <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" /> - <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" /> - </AttributeDefinition> - - <AttributeDefinition id="email" xsi:type="Simple" sourceAttributeID="mail"> - <Dependency ref="myLDAP" /> - <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" /> - <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" /> - </AttributeDefinition> - - <AttributeDefinition id="commonName" xsi:type="Simple" sourceAttributeID="cn"> - <Dependency ref="myLDAP" /> - <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:cn" /> - <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.3" friendlyName="cn" /> - </AttributeDefinition> - - <AttributeDefinition id="displayName" xsi:type="Simple" sourceAttributeID="cn"><!-- yes for ndn ldap this is correct --> - <Dependency ref="myLDAP" /> - <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:displayName" /> - <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" /> - </AttributeDefinition> - - <AttributeDefinition id="surname" xsi:type="Simple" sourceAttributeID="sn"> - <Dependency 
ref="myLDAP" /> - <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:sn" /> - <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" /> - </AttributeDefinition> - - <AttributeDefinition id="organizationName" xsi:type="Simple" sourceAttributeID="o"> - <Dependency ref="staticAttributes" /> - <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:o" /> - <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.10" friendlyName="o" /> - </AttributeDefinition> - - <AttributeDefinition id="givenName" xsi:type="Simple" sourceAttributeID="givenName"> - <Dependency ref="myLDAP" /> - <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:givenName" /> - <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" /> - </AttributeDefinition> - - <!-- Schema: inetOrgPerson attributes--> - <AttributeDefinition id="employeeType" xsi:type="Simple" sourceAttributeID="employeeType"> - <Dependency ref="myLDAP" /> - <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeType" /> - <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.4" friendlyName="employeeType" /> - </AttributeDefinition> - - <!-- Schema: eduPerson attributes --> - - <AttributeDefinition id="mappedEduPersonEntitlement" xsi:type="Mapped" sourceAttributeID="memberOf" dependencyOnly="true"> - <Dependency ref="myLDAPGROUPS" /> - <ValueMap> - <ReturnValue>urn:x-ldapgroup:ndn-sysadmin</ReturnValue> - <SourceValue>cn=ndn-sysadmin,ou=groups,dc=nordu,dc=net</SourceValue> - </ValueMap> - <ValueMap> - <ReturnValue>urn:x-ldapgroup:ndn-netadmin</ReturnValue> - <SourceValue>cn=ndn-netadmin,ou=groups,dc=nordu,dc=net</SourceValue> - </ValueMap> - <ValueMap> - <ReturnValue>urn:x-ldapgroup:ndn-secadmin</ReturnValue> - <SourceValue>cn=ndn-secadmin,ou=groups,dc=nordu,dc=net</SourceValue> - </ValueMap> - </AttributeDefinition> - - <AttributeDefinition 
id="eduPersonEntitlement" xsi:type="Simple" sourceAttributeID="staticeduPersonEntitlement"> - <Dependency ref="mappedEduPersonEntitlement" /> - <Dependency ref="staticAttributes" /> - <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" /> - <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" /> - </AttributeDefinition> - - <AttributeDefinition id="eduPersonPrimaryAffiliation" xsi:type="Simple" sourceAttributeID="eduPersonPrimaryAffiliation"> - <Dependency ref="myLDAP" /> - <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" /> - <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" friendlyName="eduPersonPrimaryAffiliation" /> - </AttributeDefinition> - - <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="uid"><!-- In ndn it is uid+scope --> - <Dependency ref="myLDAP" /> - <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" /> - <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" /> - </AttributeDefinition> - - <AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="employeeType"> - <Dependency ref="myLDAP" /> - <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" /> - <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" /> - </AttributeDefinition> - -<!-- from swamid installer --> - <AttributeDefinition id="norEduOrgAcronym" xsi:type="Simple" sourceAttributeID="norEduOrgAcronym"> - <Dependency ref="staticAttributes" /> - <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:norEduOrgAcronym" /> - 
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.2428.90.1.6" friendlyName="norEduOrgAcronym" /> - </AttributeDefinition> - - <AttributeDefinition id="schacHomeOrganization" xsi:type="Simple" sourceAttributeID="schacHomeOrganization"> - <Dependency ref="staticAttributes" /> - <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:schacHomeOrganization" /> - <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.25178.1.2.9" friendlyName="schacHomeOrganization" /> - </AttributeDefinition> - - <AttributeDefinition id="schacHomeOrganizationType" xsi:type="Simple" sourceAttributeID="schacHomeOrganizationType"> - <Dependency ref="staticAttributes" /> - <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:schacHomeOrganization" /> - <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.25178.1.2.9" friendlyName="schacHomeOrganization" /> - </AttributeDefinition> - - <!-- If we want to use google apps at some point we need: friendlyCountryName, countryName and principal --> - - - - <!-- ========================================== --> - <!-- Data Connectors --> - <!-- ========================================== --> - - <!-- - Example LDAP Connector - - The connectivity details can be specified in ldap.properties to - share them with your authentication settings if desired. 
- --> - <DataConnector id="myLDAP" xsi:type="LDAPDirectory" - ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}" - baseDN="%{idp.attribute.resolver.LDAP.baseDN}"> - <FilterTemplate> - <![CDATA[ - %{idp.attribute.resolver.LDAP.searchFilter} - ]]> - </FilterTemplate> - </DataConnector> - <DataConnector id="myLDAPGROUPS" xsi:type="LDAPDirectory" - ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}" - baseDN="%{idp.attribute.resolver.LDAP.baseDN}"> - <FilterTemplate> - <![CDATA[ - %{idp.attribute.resolver.LDAP.searchFilter} - ]]> - </FilterTemplate> - <ReturnAttributes>memberOf</ReturnAttributes> - </DataConnector> - - <DataConnector id="staticAttributes" xsi:type="Static"> - <Attribute id="o"> - <Value>NORDUnet A/S</Value> - </Attribute> - <Attribute id="schacHomeOrganization"> - <Value>nordu.net</Value> - </Attribute> - <Attribute id="schacHomeOrganizationType"> - <Value>urn:schac:homeOrganizationType:int:NREN</Value> - </Attribute> - <Attribute id="norEduOrgAcronym"> - <Value>NORDUNet</Value> - </Attribute> - <Attribute id="staticeduPersonEntitlement"> - <Value>urn:mace:dir:entitlement:common-lib-terms</Value> - <Value>urn:mace:terena.org:tcs:escience-user</Value> - <Value>urn:mace:terena.org:tcs:personal-user</Value> - <Value>urn:mace:rediris.es:entitlement:wiki:tfemc2</Value> - <Value>urn:mace:swami.se:gmai:sunet-baas:admin</Value> - <Value>urn:mace:swami.se:gmai:sunet-iaas:admin</Value> - <Value>urn:mace:swami.se:gmai:sunet-iaas:user</Value> - </Attribute> - </DataConnector> - - <!-- eduPersonTargetdID placeholder --> - -</AttributeResolver> |
