SP Infocard Configuration
Infocard Configuration
Four changes are needed: add the extension module to the lists of extensions, add a session initiator for Infocard, configure an assertion consumer location, and provide a login form template.
You may have to add an attribute acceptance policy as well.
shibboleth2.xml.
Add the module to both the InProcess and OutOfProcess sections:
<OutOfProcess ...>
    <Extensions>
        <Library path="(shib-root)/lib/infocard/infocard.so" fatal="true"/>
    </Extensions>
</OutOfProcess>
<InProcess ...>
    <Extensions>
        <Library path="(shib-root)/lib/infocard/infocard-lite.so" fatal="true"/>
    </Extensions>
</InProcess>
Add a session initiator:
<SessionInitiator type="Chaining" Location="/SHIB/Infocard"
        id="Infocard" isDefault="false" relayState="cookie">
    <SessionInitiator type="Infocard" template="(shib-root)/etc/shibboleth/infocard.html"/>
</SessionInitiator>
Configure an assertion consumer service:
<md:AssertionConsumerService Location="/SAML/Infocard" index="7"
        Binding="urn:mace:shibboleth:2.0:infocard"/>
Define a login template
The login template, referenced in the session initiator, automatically submits a form that starts Infocard login. The form identifies the attributes you want from the IdP.
Here is an example that requests eduPerson attributes (infocard.html, the template named in the session initiator):
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
    <head>
        <title>Shibboleth InfoCard login request</title>
    </head>
    <body onload="document.forms[0].submit()">
        <h3>Shibboleth InfoCard login request</h3>
        <script type="text/javascript">
        <!--
        document.write("<p>You are automatically being redirected to the authentication service. ");
        document.write("If the browser appears to be hung up after 15-20 seconds, try reloading ");
        document.write("the page before contacting the technical support staff in charge of the ");
        document.write("authentication service you are trying to access.</p>");
        document.write("<h2>Redirecting...</h2>");
        // -->
        </script>
        <noscript>
            <p>
                <strong>Note:</strong> Since your browser does not support JavaScript, you must press the
                Continue button once to proceed to the authentication service.
            </p>
        </noscript>
        <form method="post" action="<shibmlp action_target/>">
            <shibmlpif wctx>
                <input type="hidden" name="wctx" value="<shibmlp wctx/>"/>
            </shibmlpif>
            <!-- Specify either a SAML1 or SAML2 assertion in the tokenType attribute below -->
            <!-- SAML1 alternative: tokenType="urn:oasis:names:tc:SAML:1.0:assertion" -->
            <ic:informationCard name="xmlToken"
                style="behavior:url(#default#informationCard)"
                <shibmlpif stsid>
                issuer="<shibmlp stsid/>"
                </shibmlpif>
                tokenType="urn:oasis:names:tc:SAML:2.0:assertion">
                <ic:add claimType="urn:mace:dir:attribute-def:eduPersonPrincipalName" optional="false"/>
                <ic:add claimType="urn:mace:dir:attribute-def:eduPersonEntitlement" optional="false"/>
                <ic:add claimType="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" optional="false"/>
            </ic:informationCard>
            <noscript>
                <div>
                    <input type="submit" value="Continue"/>
                </div>
            </noscript>
        </form>
    </body>
</html>