Attribute-map.xml - internal use skeleton
From RavenWiki
Jump to navigationJump to search
Here's an example attribute-map.xml file that enables all the lookup-derived attributes that the Raven IdP makes available to registered SPs in the University. In a standard configuration it needs to be stored in the same direction as shibboleth2.xml. If you install this and you are still not seeing things like 'ou' then it's likely that your SP isn't registered or the registration is failing.
Be careful not to corrupt or reformat this file when extracting it from this page - wikis are not the best vehicle for software distribution.
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <!-- First some useful eduPerson attributes that many sites might use. --> <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn"> <AttributeDecoder xsi:type="ScopedAttributeDecoder"/> </Attribute> <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn"> <AttributeDecoder xsi:type="ScopedAttributeDecoder"/> </Attribute> <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" id="affiliation"> <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/> </Attribute> <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation"> <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/> </Attribute> <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation" id="unscoped-affiliation"> <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> </Attribute> <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation"> <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> </Attribute> <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement" id="entitlement"/> <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" id="entitlement"/> <!-- A persistent id attribute that supports personalized anonymous access. --> <!-- First, the deprecated version, decoded as a scoped string: --> <Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="targeted-id"> <AttributeDecoder xsi:type="ScopedAttributeDecoder"/> <!-- <AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name"/> --> </Attribute> <!-- Second, an alternate decoder that will turn the deprecated form into the newer form. --> <!-- <Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="persistent-id"> <AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name"/> </Attribute> --> <!-- Third, the new version (note the OID-style name): --> <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" id="persistent-id"> <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name"/> </Attribute> <!-- Fourth, the SAML 2.0 NameID Format: --> <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id"> <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name"/> </Attribute> <!-- Some more eduPerson attributes, uncomment these to use them... --> <!-- <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" id="primary-affiliation"> <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> </Attribute> <Attribute name="urn:mace:dir:attribute-def:eduPersonNickname" id="nickname"/> <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" id="primary-orgunit-dn"/> <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" id="orgunit-dn"/> <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgDN" id="org-dn"/> <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" id="primary-affiliation"> <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> </Attribute> <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" id="nickname"/> <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.8" id="primary-orgunit-dn"/> <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" id="orgunit-dn"/> <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" id="org-dn"/> --> <!--Examples of LDAP-based attributes, uncomment to use these... --> <Attribute name="urn:mace:dir:attribute-def:cn" id="cn"/> <Attribute name="urn:mace:dir:attribute-def:sn" id="sn"/> <Attribute name="urn:mace:dir:attribute-def:givenName" id="givenName"/> <Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/> <Attribute name="urn:mace:dir:attribute-def:telephoneNumber" id="telephoneNumber"/> <Attribute name="urn:mace:dir:attribute-def:title" id="title"/> <Attribute name="urn:mace:dir:attribute-def:initials" id="initials"/> <Attribute name="urn:mace:dir:attribute-def:description" id="description"/> <Attribute name="urn:mace:dir:attribute-def:carLicense" id="carLicense"/> <Attribute name="urn:mace:dir:attribute-def:departmentNumber" id="departmentNumber"/> <Attribute name="urn:mace:dir:attribute-def:displayName" id="displayName"/> <Attribute name="urn:mace:dir:attribute-def:employeeNumber" id="employeeNumber"/> <Attribute name="urn:mace:dir:attribute-def:employeeType" id="employeeType"/> <Attribute name="urn:mace:dir:attribute-def:preferredLanguage" id="preferredLanguage"/> <Attribute name="urn:mace:dir:attribute-def:manager" id="manager"/> <Attribute name="urn:mace:dir:attribute-def:seeAlso" id="seeAlso"/> <Attribute name="urn:mace:dir:attribute-def:facsimileTelephoneNumber" id="facsimileTelephoneNumber"/> <Attribute name="urn:mace:dir:attribute-def:street" id="street"/> <Attribute name="urn:mace:dir:attribute-def:postOfficeBox" id="postOfficeBox"/> <Attribute name="urn:mace:dir:attribute-def:postalCode" id="postalCode"/> <Attribute name="urn:mace:dir:attribute-def:st" id="st"/> <Attribute name="urn:mace:dir:attribute-def:l" id="l"/> <Attribute name="urn:mace:dir:attribute-def:o" id="o"/> <Attribute name="urn:mace:dir:attribute-def:ou" id="ou"/> <Attribute name="urn:mace:dir:attribute-def:businessCategory" id="businessCategory"/> <Attribute name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName" id="physicalDeliveryOfficeName"/> <Attribute name="urn:oid:2.5.4.3" id="cn"/> <Attribute name="urn:oid:2.5.4.4" id="sn"/> <Attribute name="urn:oid:2.5.4.42" id="givenName"/> <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/> <Attribute name="urn:oid:2.5.4.20" id="telephoneNumber"/> <Attribute name="urn:oid:2.5.4.12" id="title"/> <Attribute name="urn:oid:2.5.4.43" id="initials"/> <Attribute name="urn:oid:2.5.4.13" id="description"/> <Attribute name="urn:oid:2.16.840.1.113730.3.1.1" id="carLicense"/> <Attribute name="urn:oid:2.16.840.1.113730.3.1.2" id="departmentNumber"/> <Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/> <Attribute name="urn:oid:1.2.840.113556.1.2.610" id="employeeNumber"/> <Attribute name="urn:oid:1.2.840.113556.1.2.613" id="employeeType"/> <Attribute name="urn:oid:2.16.840.1.113730.3.1.39" id="preferredLanguage"/> <Attribute name="urn:oid:0.9.2342.19200300.100.1.10" id="manager"/> <Attribute name="urn:oid:2.5.4.34" id="seeAlso"/> <Attribute name="urn:oid:2.5.4.23" id="facsimileTelephoneNumber"/> <Attribute name="urn:oid:2.5.4.9" id="street"/> <Attribute name="urn:oid:2.5.4.18" id="postOfficeBox"/> <Attribute name="urn:oid:2.5.4.17" id="postalCode"/> <Attribute name="urn:oid:2.5.4.8" id="st"/> <Attribute name="urn:oid:2.5.4.7" id="l"/> <Attribute name="urn:oid:2.5.4.10" id="o"/> <Attribute name="urn:oid:2.5.4.11" id="ou"/> <Attribute name="urn:oid:2.5.4.15" id="businessCategory"/> <Attribute name="urn:oid:2.5.4.19" id="physicalDeliveryOfficeName"/> <!-- UofC specials --> <AttributeRule Name="urn:oid:1.3.6.1.4.1.6822.1.1.2" id="groupid" /> </Attributes>