...

The corresponding SAML Attribute for a setting is named by suffixing the "base" name of the setting to a profile URL that is defined by the Shibboleth software for each of the supported profiles.

The URLs are as follows:

| Profile | Profile URL |
| --- | --- |
| Shibboleth.SSO | http://shibboleth.net/ns/profiles/saml1/sso/browser |
| SAML1.AttributeQuery | http://shibboleth.net/ns/profiles/saml1/query/attribute |
| SAML1.ArtifactResolution | http://shibboleth.net/ns/profiles/saml1/query/artifact |
| SAML2.SSO | http://shibboleth.net/ns/profiles/saml2/sso/browser |
| SAML2.ECP | http://shibboleth.net/ns/profiles/saml2/sso/ecp |
| SAML2.AttributeQuery | http://shibboleth.net/ns/profiles/saml2/query/attribute |
| SAML2.ArtifactResolution | http://shibboleth.net/ns/profiles/saml2/query/artifact |
| SAML2.Logout | http://shibboleth.net/ns/profiles/saml2/logout |
| CAS.LoginConfiguration | https://www.apereo.org/cas/protocol/login |
| CAS.ProxyConfiguration | https://www.apereo.org/cas/protocol/proxy |
| CAS.ValidateConfiguration | https://www.apereo.org/cas/protocol/serviceValidate |

It follows that the includeAttributeStatement property of the "Shibboleth.SSO" profile configuration can be set via a metadata Attribute named "http://shibboleth.net/ns/profiles/saml1/sso/browser/includeAttributeStatement".
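Because these tags let metadata content change IdP behavior, it is useful to audit which entities carry them. The following is an added example, not part of the Shibboleth documentation: it applies the "profile URL + / + setting name" rule to list such tags in a metadata document. The function name, the sample entityID and the sample metadata are constructed for illustration, and only direct Attribute children of EntityAttributes are inspected (alias prefixes are not handled).

```python
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SHIB, CAS = "http://shibboleth.net/ns/profiles/", "https://www.apereo.org/cas/protocol/"
# Profile URLs taken from the table on this page.
PROFILE_URLS = {
    "Shibboleth.SSO": SHIB + "saml1/sso/browser",
    "SAML1.AttributeQuery": SHIB + "saml1/query/attribute",
    "SAML1.ArtifactResolution": SHIB + "saml1/query/artifact",
    "SAML2.SSO": SHIB + "saml2/sso/browser",
    "SAML2.ECP": SHIB + "saml2/sso/ecp",
    "SAML2.AttributeQuery": SHIB + "saml2/query/attribute",
    "SAML2.ArtifactResolution": SHIB + "saml2/query/artifact",
    "SAML2.Logout": SHIB + "saml2/logout",
    "CAS.LoginConfiguration": CAS + "login", "CAS.ProxyConfiguration": CAS + "proxy",
    "CAS.ValidateConfiguration": CAS + "serviceValidate",
}
# Constructed sample metadata; the entityID and values are placeholders.
SAMPLE = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    entityID="https://sp.example.org/shibboleth">
  <md:Extensions><mdattr:EntityAttributes>
    <saml:Attribute Name="http://shibboleth.net/ns/profiles/saml1/sso/browser/includeAttributeStatement"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>true</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://shibboleth.net/ns/attributes/releaseAllValues">
      <saml:AttributeValue>mail</saml:AttributeValue>
    </saml:Attribute>
  </mdattr:EntityAttributes></md:Extensions>
</md:EntityDescriptor>"""

def find_overrides(metadata_xml):
    """List (entityID, profile, setting, values) for tags naming a profile setting."""
    found = []
    root = ET.fromstring(metadata_xml)  # prefer defusedxml for untrusted files
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
        for attr in entity.findall(path, NS):
            name = attr.get("Name", "")
            for profile, url in PROFILE_URLS.items():
                setting = name[len(url) + 1:]  # text after "<profile URL>/"
                if name.startswith(url + "/") and setting and "/" not in setting:
                    values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
                    found.append((entity.get("entityID"), profile, setting, values))
    return found
```

Calling `find_overrides(SAMPLE)` reports the includeAttributeStatement tag for Shibboleth.SSO and ignores the releaseAllValues tag, which is not under any profile URL.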

...

```xml
<AttributeFilterPolicy id="Per-Attribute-singleValued">
	<PolicyRequirementRule xsi:type="ANY"/>

	<AttributeRule attributeID="eduPersonPrincipalName">
		<PermitValueRule xsi:type="EntityAttributeExactMatch"
			attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
			attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
			attributeValue="eduPersonPrincipalName" />
	</AttributeRule>

	<AttributeRule attributeID="mail">
		<PermitValueRule xsi:type="EntityAttributeExactMatch"
			attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
			attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
			attributeValue="mail" />
	</AttributeRule>
</AttributeFilterPolicy>
```

Reference

Beans

| Bean ID | Type | Function |
| --- | --- | --- |
| RelyingParty.MDDriven | RelyingPartyConfiguration | A template bean for use in defining metadata-driven RelyingParty overrides by hand |
| RelyingPartyByName.MDDriven | RelyingPartyConfiguration | A template bean for defining metadata-driven RelyingParty overrides based on matching by name |
| RelyingPartyByGroup.MDDriven | RelyingPartyConfiguration | A template bean for defining metadata-driven RelyingParty overrides based on matching by <EntitiesDescriptor> groups or SAML metadata-based <AffiliationDescriptor> groups |
| RelyingPartyByEntitiesDescriptor.MDDriven | RelyingPartyConfiguration | A template bean for defining metadata-driven RelyingParty overrides based on matching by <EntitiesDescriptor> groups only |
| RelyingPartyByTag.MDDriven | RelyingPartyConfiguration | A template bean for defining metadata-driven RelyingParty overrides based on matching <EntityAttributes> extension content |
| RelyingPartyByMappedTag.MDDriven | RelyingPartyConfiguration | A template bean for defining metadata-driven RelyingParty overrides based on matching <EntityAttributes> extension content mapped via the AttributeRegistryConfiguration |
| Shibboleth.SSO.MDDriven | BrowserSSOProfileConfiguration | Default metadata-driven configuration for SAML 1.1 SSO profile |
| SAML1.AttributeQuery.MDDriven | AttributeQueryProfileConfiguration | Default metadata-driven configuration for SAML 1.1 Attribute Query profile |
| SAML1.ArtifactResolution.MDDriven | ArtifactResolutionProfileConfiguration | Default metadata-driven configuration for SAML 1.1 Artifact Resolution profile |
| SAML2.SSO.MDDriven | BrowserSSOProfileConfiguration | Default metadata-driven configuration for SAML 2.0 SSO profile |
| SAML2.ECP.MDDriven | ECPProfileConfiguration | Default metadata-driven configuration for SAML 2.0 Enhanced Client/Proxy profile |
| SAML2.Logout.MDDriven | SingleLogoutProfileConfiguration | Default metadata-driven configuration for SAML 2.0 Single Logout profile |
| SAML2.AttributeQuery.MDDriven | AttributeQueryProfileConfiguration | Default metadata-driven configuration for SAML 2.0 Attribute Query profile |
| SAML2.ArtifactResolution.MDDriven | ArtifactResolutionProfileConfiguration | Default metadata-driven configuration for SAML 2.0 Artifact Resolution profile |
| CAS.LoginConfiguration.MDDriven | LoginConfiguration | Default metadata-driven configuration for CAS login protocol |
| CAS.ProxyConfiguration.MDDriven | ProxyConfiguration | Default metadata-driven configuration for CAS proxy login protocol |
| CAS.ValidateConfiguration.MDDriven | ValidateConfiguration | Default metadata-driven configuration for CAS ticket validation protocol |
| shibboleth.DefaultMDProfileAliases | List<String> | A built-in list of alternate URL "prefixes" to property names, used to automate the generation of property tag names that apply to all profiles at the same time |
| shibboleth.MDProfileAliases | List<String> | An optional user-supplied list of additional URL prefixes to support custom property tag names |
| shibboleth.MDDrivenStringProperty | StringConfigurationLookupStrategy | Parent bean for defining new lookup strategies for string settings |
| shibboleth.MDDrivenBoolProperty | BooleanConfigurationLookupStrategy | Parent bean for defining new lookup strategies for boolean settings |
| shibboleth.MDDrivenIntProperty | IntegerConfigurationLookupStrategy | Parent bean for defining new lookup strategies for integer settings |
| shibboleth.MDDrivenLongProperty | LongConfigurationLookupStrategy | Parent bean for defining new lookup strategies for long integer settings |
| shibboleth.MDDrivenDoubleProperty | DoubleConfigurationLookupStrategy | Parent bean for defining new lookup strategies for double settings |
| shibboleth.MDDrivenDurationProperty | DurationConfigurationLookupStrategy | Parent bean for defining new lookup strategies for Duration settings |
| shibboleth.MDDrivenListProperty | ListConfigurationLookupStrategy | Parent bean for defining new lookup strategies for List settings |
| shibboleth.MDDrivenSetProperty | SetConfigurationLookupStrategy | Parent bean for defining new lookup strategies for Set settings |
| shibboleth.MDDrivenBeanProperty | BeanConfigurationLookupStrategy | Parent bean for defining new lookup strategies for arbitrary Spring bean settings |