...
The corresponding SAML Attribute for a setting is named by suffixing the "base" name of the setting to a profile URL that is defined by the Shibboleth software for each of the supported profiles.
The URLs are as follows:
Profile URL | Profile |
---|---|
http://shibboleth.net/ns/profiles/saml1/sso/browser | |
http://shibboleth.net/ns/profiles/saml1/query/attribute | |
http://shibboleth.net/ns/profiles/saml1/query/artifact | |
http://shibboleth.net/ns/profiles/saml2/sso/browser | |
http://shibboleth.net/ns/profiles/saml2/sso/ecp | |
http://shibboleth.net/ns/profiles/saml2/query/attribute | |
http://shibboleth.net/ns/profiles/saml2/query/artifact | |
http://shibboleth.net/ns/profiles/saml2/logout | |
https://www.apereo.org/cas/protocol/login | |
https://www.apereo.org/cas/protocol/proxy | |
https://www.apereo.org/cas/protocol/serviceValidate | |
It follows that the includeAttributeStatement property of the "Shibboleth.SSO" profile configuration can be set via a metadata Attribute named "http://shibboleth.net/ns/profiles/saml1/sso/browser/includeAttributeStatement".
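The naming rule above can be turned into a check that lists which entities in a metadata file carry per-profile override tags, which is useful when reviewing what third-party metadata is able to change in the IdP's behaviour. This is an added example, not code from the Shibboleth documentation; the sample metadata and entityIDs are constructed, and `split_tag` and `audit` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SHIB, CAS = "http://shibboleth.net/ns/profiles/", "https://www.apereo.org/cas/protocol/"
# Profile URLs exactly as listed on this page.
PROFILE_URLS = [SHIB + p for p in (
    "saml1/sso/browser", "saml1/query/attribute", "saml1/query/artifact",
    "saml2/sso/browser", "saml2/sso/ecp", "saml2/query/attribute",
    "saml2/query/artifact", "saml2/logout")] + [
    CAS + p for p in ("login", "proxy", "serviceValidate")]

# Constructed sample; entityIDs are placeholders and NameFormat is omitted for brevity.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <md:EntityDescriptor entityID="https://sp.example.org/shibboleth"><md:Extensions><mdattr:EntityAttributes>
  <saml:Attribute Name="http://shibboleth.net/ns/profiles/saml1/sso/browser/includeAttributeStatement">
   <saml:AttributeValue>true</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://shibboleth.net/ns/attributes/releaseAllValues">
   <saml:AttributeValue>mail</saml:AttributeValue></saml:Attribute>
 </mdattr:EntityAttributes></md:Extensions></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://plain.example.org/sp"/>
</md:EntitiesDescriptor>"""

def split_tag(name):
    """Return (profile URL, base setting name), or None if name is not profile URL + "/" + setting."""
    for url in PROFILE_URLS:
        if name.startswith(url + "/") and len(name) > len(url) + 1:
            return url, name[len(url) + 1:]
    return None

def audit(metadata_xml):
    """List (entityID, profile URL, setting, values) for every per-profile override tag."""
    findings = []
    # ElementTree is fine for a file you already hold; use a hardened parser for untrusted XML.
    root = ET.fromstring(metadata_xml)
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):  # iter() also matches the root
        for attr in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
            hit = split_tag(attr.get("Name", ""))
            if hit:
                values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
                findings.append((entity.get("entityID"), hit[0], hit[1], values))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Tags outside the listed profile URLs, such as the `releaseAllValues` attribute used for attribute release, are deliberately not reported by this check.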
...
```xml
<!-- Release each attribute only to relying parties whose metadata carries the
     releaseAllValues entity attribute with that attribute's ID as its value. -->
<AttributeFilterPolicy id="Per-Attribute-singleValued">
    <PolicyRequirementRule xsi:type="ANY"/>

    <AttributeRule attributeID="eduPersonPrincipalName">
        <PermitValueRule xsi:type="EntityAttributeExactMatch"
            attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
            attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
            attributeValue="eduPersonPrincipalName" />
    </AttributeRule>

    <AttributeRule attributeID="mail">
        <PermitValueRule xsi:type="EntityAttributeExactMatch"
            attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
            attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
            attributeValue="mail" />
    </AttributeRule>
</AttributeFilterPolicy>
```
Reference
Beans
Bean ID | Type | Function |
---|---|---|
RelyingParty.MDDriven | | A template bean for use in defining metadata-driven RelyingParty overrides by hand |
RelyingPartyByName.MDDriven | | A template bean for defining metadata-driven RelyingParty overrides based on matching by name |
RelyingPartyByGroup.MDDriven | | A template bean for defining metadata-driven RelyingParty overrides based on matching by |
RelyingPartyByEntitiesDescriptor.MDDriven | | A template bean for defining metadata-driven RelyingParty overrides based on matching by |
RelyingPartyByTag.MDDriven | | A template bean for defining metadata-driven RelyingParty overrides based on matching |
RelyingPartyByMappedTag.MDDriven | | A template bean for defining metadata-driven RelyingParty overrides based on matching |
Shibboleth.SSO.MDDriven | | Default metadata-driven configuration for SAML 1.1 SSO profile |
SAML1.AttributeQuery.MDDriven | | Default metadata-driven configuration for SAML 1.1 Attribute Query profile |
SAML1.ArtifactResolution.MDDriven | | Default metadata-driven configuration for SAML 1.1 Artifact Resolution profile |
SAML2.SSO.MDDriven | | Default metadata-driven configuration for SAML 2.0 SSO profile |
SAML2.ECP.MDDriven | | Default metadata-driven configuration for SAML 2.0 Enhanced Client/Proxy profile |
SAML2.Logout.MDDriven | | Default metadata-driven configuration for SAML 2.0 Single Logout profile |
SAML2.AttributeQuery.MDDriven | | Default metadata-driven configuration for SAML 2.0 Attribute Query profile |
SAML2.ArtifactResolution.MDDriven | | Default metadata-driven configuration for SAML 2.0 Artifact Resolution profile |
CAS.LoginConfiguration.MDDriven | | Default metadata-driven configuration for CAS login protocol |
CAS.ProxyConfiguration.MDDriven | | Default metadata-driven configuration for CAS proxy login protocol |
CAS.ValidateConfiguration.MDDriven | | Default metadata-driven configuration for CAS ticket validation protocol |
shibboleth.DefaultMDProfileAliases | List<String> | A built-in list of alternate URL "prefixes" to property names, used to automate the generation of property tag names that apply to all profiles at the same time |
shibboleth.MDProfileAliases | List<String> | An optional user-supplied list of additional URL prefixes to support custom property tag names |
shibboleth.MDDrivenStringProperty | | Parent bean for defining new lookup strategies for string settings |
shibboleth.MDDrivenBoolProperty | | Parent bean for defining new lookup strategies for boolean settings |
shibboleth.MDDrivenIntProperty | | Parent bean for defining new lookup strategies for integer settings |
shibboleth.MDDrivenLongProperty | | Parent bean for defining new lookup strategies for long integer settings |
shibboleth.MDDrivenDoubleProperty | | Parent bean for defining new lookup strategies for double settings |
shibboleth.MDDrivenDurationProperty | | Parent bean for defining new lookup strategies for Duration settings |
shibboleth.MDDrivenListProperty | | Parent bean for defining new lookup strategies for List settings |
shibboleth.MDDrivenSetProperty | | Parent bean for defining new lookup strategies for Set settings |
shibboleth.MDDrivenBeanProperty | | Parent bean for defining new lookup strategies for arbitrary Spring bean settings |