foo/shib-storedid2computedid-example
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

storedid working

Browse Source
This commit is contained in:
root 2022-08-05 14:32:19 +00:00
parent d8367d6a72
commit 16e9ff7096
4 changed files with 38 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
conf/attribute-filter.xml
View File

@ -20,85 +20,8 @@
<PolicyRequirementRule xsi:type="ANY" /> <PolicyRequirementRule xsi:type="ANY" />
<AttributeRule attributeID="schacHomeOrganization" permitAny="true" /> <AttributeRule attributeID="schacHomeOrganization" permitAny="true" />
<AttributeRule attributeID="eduPersonTargetedID" permitAny="true" />
</AttributeFilterPolicy> </AttributeFilterPolicy>
<!--
Example rule relying on a locally applied tag in metadata to trigger attribute
release of some specific attributes. Add additional attributes as desired.
-->
<AttributeFilterPolicy id="Per-Attribute-singleValued">
<PolicyRequirementRule xsi:type="ANY" />
<AttributeRule attributeID="eduPersonPrincipalName">
<PermitValueRule xsi:type="EntityAttributeExactMatch"
attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
attributeValue="eduPersonPrincipalName" />
</AttributeRule>
<AttributeRule attributeID="mail">
<PermitValueRule xsi:type="EntityAttributeExactMatch"
attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
attributeValue="mail" />
</AttributeRule>
</AttributeFilterPolicy>
<!--
Same as above but more efficient form for an attribute with multiple values.
-->
<AttributeFilterPolicy id="Per-Attribute-Affiliation">
<PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
attributeValue="eduPersonScopedAffiliation" />
<AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true" />
</AttributeFilterPolicy>
<!--
Example rule for honoring Subject ID requirement tag in metadata.
The example supplies pairwise-id if subject-id isn't explicitly required.
-->
<AttributeFilterPolicy id="subject-identifiers">
<PolicyRequirementRule xsi:type="ANY" />
<AttributeRule attributeID="samlPairwiseID">
<PermitValueRule xsi:type="OR">
<Rule xsi:type="EntityAttributeExactMatch"
attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req"
attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
attributeValue="pairwise-id" />
<Rule xsi:type="EntityAttributeExactMatch"
attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req"
attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
attributeValue="any" />
</PermitValueRule>
</AttributeRule>
<AttributeRule attributeID="samlSubjectID">
<PermitValueRule xsi:type="EntityAttributeExactMatch"
attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req"
attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
attributeValue="subject-id" />
</AttributeRule>
</AttributeFilterPolicy>
<!-- Release an additional attribute to an SP. -->
<AttributeFilterPolicy id="example1">
<PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org" />
<AttributeRule attributeID="uid" permitAny="true" />
</AttributeFilterPolicy>
<!-- Release eduPersonScopedAffiliation to two specific SPs. -->
<AttributeFilterPolicy id="example2">
<PolicyRequirementRule xsi:type="OR">
<Rule xsi:type="Requester" value="https://sp.example.org" />
<Rule xsi:type="Requester" value="https://another.example.org/shibboleth" />
</PolicyRequirementRule>
<AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true" />
</AttributeFilterPolicy>
</AttributeFilterPolicyGroup> </AttributeFilterPolicyGroup>

15
conf/attribute-resolver.xml
View File

@ -61,6 +61,14 @@ list of possible components and their options.
<InputDataConnector ref="staticAttributes" attributeNames="affiliation" /> <InputDataConnector ref="staticAttributes" attributeNames="affiliation" />
</AttributeDefinition> </AttributeDefinition>
<AttributeDefinition id="eduPersonTargetedID" xsi:type="SAML2NameID"
nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
<InputDataConnector ref="storedID" attributeNames="storedID"/>
<AttributeEncoder xsi:type="SAML2XMLObject"
name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" />
</AttributeDefinition>
<!-- ========================================== --> <!-- ========================================== -->
<!-- Data Connectors --> <!-- Data Connectors -->
@ -75,4 +83,11 @@ list of possible components and their options.
</Attribute> </Attribute>
</DataConnector> </DataConnector>
<DataConnector xsi:type="StoredId" id="storedID"
generatedAttributeID="storedID"
salt='04D00D29-5FFF-4732-8645-ED8B7678BE4E'>
<InputAttributeDefinition ref="uid" />
<BeanManagedConnection>sqlite-dataconnector</BeanManagedConnection>
</DataConnector>
</AttributeResolver> </AttributeResolver>

15
conf/global.xml
View File

@ -49,4 +49,19 @@
</util:map> </util:map>
--> -->
<bean id="sqlite-dataconnector" class="org.apache.commons.dbcp2.BasicDataSource" destroy-method="close"
p:driverClassName="%{datasource.driverClass}"
p:url="%{datasource.jdbcUrl}"
p:initialSize="5"
p:maxTotal="50"
p:maxIdle="5"
p:maxWaitMillis="2000"
/>
<bean id="sqlite-storeageservice" parent="shibboleth.JDBCStorageService"
p:dataSource-ref="sqlite-dataconnector"
p:transactionIsolation="4"
p:retryableErrors="40001"
/>
</beans> </beans>

7
conf/idp.properties
View File

@ -246,3 +246,10 @@ idp.audit.shortenBindings=true
idp.loglevel.idp=DEBUG idp.loglevel.idp=DEBUG
idp.loglevel.messages=DEBUG idp.loglevel.messages=DEBUG
idp.loglevel.encryption=DEBUG idp.loglevel.encryption=DEBUG
# database details
datasource.driverClass = org.sqlite.JDBC
datasource.jdbcUrl = jdbc:sqlite:/opt/idp-storedid/db/stored-id.db
# datasource.user = <USER>
# datasource.password = <PASS>