Attribute-map.xml - internal use skeleton: Difference between revisions
From RavenWiki
Jump to navigationJump to search
(Add a version number to avoid (further) confusion) |
(Updated to V2 - adding UofC specialls and returning targeted-id using the alternate decoder) |
||
| Line 7: | Line 7: | ||
<!-- attribute-map.xml for use with The University of Cambridge IdP --> | <!-- attribute-map.xml for use with The University of Cambridge IdP --> | ||
<!-- Version | <!-- Version 2.0 2008-03-03 --> | ||
<!-- First some useful eduPerson attributes that many sites might use. --> | <!-- First some useful eduPerson attributes that many sites might use. --> | ||
| Line 38: | Line 38: | ||
<!-- First, the deprecated version, decoded as a scoped string: --> | <!-- First, the deprecated version, decoded as a scoped string: --> | ||
<!-- | |||
<Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="targeted-id"> | <Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="targeted-id"> | ||
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/> | <AttributeDecoder xsi:type="ScopedAttributeDecoder"/> | ||
</Attribute> | </Attribute> | ||
--> | |||
<!-- Second, an alternate decoder that will turn the deprecated form into the newer form. --> | <!-- Second, an alternate decoder that will turn the deprecated form into the newer form. --> | ||
<Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="targeted-id"> | |||
<Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id=" | |||
<AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name"/> | <AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name"/> | ||
</Attribute> | </Attribute> | ||
<!-- Third, the new version (note the OID-style name): --> | <!-- Third, the new version (note the OID-style name): --> | ||
| Line 61: | Line 60: | ||
<!-- Some more eduPerson attributes, uncomment these to use them... --> | <!-- Some more eduPerson attributes, uncomment these to use them... --> | ||
<Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" id="primary-affiliation"> | <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" id="primary-affiliation"> | ||
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> | <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> | ||
| Line 77: | Line 75: | ||
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" id="orgunit-dn"/> | <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" id="orgunit-dn"/> | ||
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" id="org-dn"/> | <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" id="org-dn"/> | ||
<!--Examples of LDAP-based attributes, uncomment to use these... --> | <!--Examples of LDAP-based attributes, uncomment to use these... --> | ||
| Line 137: | Line 134: | ||
<!-- UofC specials --> | <!-- UofC specials --> | ||
<AttributeRule Name="urn:oid:1.3.6.1.4.1.6822.1.1. | <AttributeRule Name="urn:oid:1.3.6.1.4.1.6822.1.1.5" id="instID" /> | ||
<AttributeRule Name="urn:oid:1.3.6.1.4.1.6822.1.1.11" id="mailAlternative" /> | |||
<AttributeRule Name="urn:oid:1.3.6.1.4.1.6822.1.1.22" id="groupID" /> | |||
<AttributeRule Name="urn:oid:1.3.6.1.4.1.6822.1.1.38" id="misAffiliation" /> | |||
</Attributes> | </Attributes> | ||
</nowiki></pre> | </nowiki></pre> | ||
Revision as of 18:13, 3 March 2009
Here's an example attribute-map.xml file that enables all the lookup-derived attributes that the Raven IdP makes available to registered SPs in the University. In a standard configuration it needs to be stored in the same direction as shibboleth2.xml. If you install this and you are still not seeing things like 'ou' then it's likely that your SP isn't registered or the registration is failing.
Be careful not to corrupt or reformat this file when extracting it from this page - wikis are not the best vehicle for software distribution.
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- attribute-map.xml for use with The University of Cambridge IdP -->
<!-- Version 2.0 2008-03-03 -->
<!-- First some useful eduPerson attributes that many sites might use. -->
<Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn">
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
</Attribute>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
</Attribute>
<Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" id="affiliation">
<AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
</Attribute>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation">
<AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
</Attribute>
<Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation" id="unscoped-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>
<Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement" id="entitlement"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" id="entitlement"/>
<!-- A persistent id attribute that supports personalized anonymous access. -->
<!-- First, the deprecated version, decoded as a scoped string: -->
<!--
<Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="targeted-id">
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
</Attribute>
-->
<!-- Second, an alternate decoder that will turn the deprecated form into the newer form. -->
<Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="targeted-id">
<AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name"/>
</Attribute>
<!-- Third, the new version (note the OID-style name): -->
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" id="persistent-id">
<AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name"/>
</Attribute>
<!-- Fourth, the SAML 2.0 NameID Format: -->
<Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
<AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name"/>
</Attribute>
<!-- Some more eduPerson attributes, uncomment these to use them... -->
<Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" id="primary-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>
<Attribute name="urn:mace:dir:attribute-def:eduPersonNickname" id="nickname"/>
<Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" id="primary-orgunit-dn"/>
<Attribute name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" id="orgunit-dn"/>
<Attribute name="urn:mace:dir:attribute-def:eduPersonOrgDN" id="org-dn"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" id="primary-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" id="nickname"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.8" id="primary-orgunit-dn"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" id="orgunit-dn"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" id="org-dn"/>
<!--Examples of LDAP-based attributes, uncomment to use these... -->
<Attribute name="urn:mace:dir:attribute-def:cn" id="cn"/>
<Attribute name="urn:mace:dir:attribute-def:sn" id="sn"/>
<Attribute name="urn:mace:dir:attribute-def:givenName" id="givenName"/>
<Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/>
<Attribute name="urn:mace:dir:attribute-def:telephoneNumber" id="telephoneNumber"/>
<Attribute name="urn:mace:dir:attribute-def:title" id="title"/>
<Attribute name="urn:mace:dir:attribute-def:initials" id="initials"/>
<Attribute name="urn:mace:dir:attribute-def:description" id="description"/>
<Attribute name="urn:mace:dir:attribute-def:carLicense" id="carLicense"/>
<Attribute name="urn:mace:dir:attribute-def:departmentNumber" id="departmentNumber"/>
<Attribute name="urn:mace:dir:attribute-def:displayName" id="displayName"/>
<Attribute name="urn:mace:dir:attribute-def:employeeNumber" id="employeeNumber"/>
<Attribute name="urn:mace:dir:attribute-def:employeeType" id="employeeType"/>
<Attribute name="urn:mace:dir:attribute-def:preferredLanguage" id="preferredLanguage"/>
<Attribute name="urn:mace:dir:attribute-def:manager" id="manager"/>
<Attribute name="urn:mace:dir:attribute-def:seeAlso" id="seeAlso"/>
<Attribute name="urn:mace:dir:attribute-def:facsimileTelephoneNumber" id="facsimileTelephoneNumber"/>
<Attribute name="urn:mace:dir:attribute-def:street" id="street"/>
<Attribute name="urn:mace:dir:attribute-def:postOfficeBox" id="postOfficeBox"/>
<Attribute name="urn:mace:dir:attribute-def:postalCode" id="postalCode"/>
<Attribute name="urn:mace:dir:attribute-def:st" id="st"/>
<Attribute name="urn:mace:dir:attribute-def:l" id="l"/>
<Attribute name="urn:mace:dir:attribute-def:o" id="o"/>
<Attribute name="urn:mace:dir:attribute-def:ou" id="ou"/>
<Attribute name="urn:mace:dir:attribute-def:businessCategory" id="businessCategory"/>
<Attribute name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName" id="physicalDeliveryOfficeName"/>
<Attribute name="urn:oid:2.5.4.3" id="cn"/>
<Attribute name="urn:oid:2.5.4.4" id="sn"/>
<Attribute name="urn:oid:2.5.4.42" id="givenName"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
<Attribute name="urn:oid:2.5.4.20" id="telephoneNumber"/>
<Attribute name="urn:oid:2.5.4.12" id="title"/>
<Attribute name="urn:oid:2.5.4.43" id="initials"/>
<Attribute name="urn:oid:2.5.4.13" id="description"/>
<Attribute name="urn:oid:2.16.840.1.113730.3.1.1" id="carLicense"/>
<Attribute name="urn:oid:2.16.840.1.113730.3.1.2" id="departmentNumber"/>
<Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/>
<Attribute name="urn:oid:1.2.840.113556.1.2.610" id="employeeNumber"/>
<Attribute name="urn:oid:1.2.840.113556.1.2.613" id="employeeType"/>
<Attribute name="urn:oid:2.16.840.1.113730.3.1.39" id="preferredLanguage"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.10" id="manager"/>
<Attribute name="urn:oid:2.5.4.34" id="seeAlso"/>
<Attribute name="urn:oid:2.5.4.23" id="facsimileTelephoneNumber"/>
<Attribute name="urn:oid:2.5.4.9" id="street"/>
<Attribute name="urn:oid:2.5.4.18" id="postOfficeBox"/>
<Attribute name="urn:oid:2.5.4.17" id="postalCode"/>
<Attribute name="urn:oid:2.5.4.8" id="st"/>
<Attribute name="urn:oid:2.5.4.7" id="l"/>
<Attribute name="urn:oid:2.5.4.10" id="o"/>
<Attribute name="urn:oid:2.5.4.11" id="ou"/>
<Attribute name="urn:oid:2.5.4.15" id="businessCategory"/>
<Attribute name="urn:oid:2.5.4.19" id="physicalDeliveryOfficeName"/>
<!-- UofC specials -->
<AttributeRule Name="urn:oid:1.3.6.1.4.1.6822.1.1.5" id="instID" />
<AttributeRule Name="urn:oid:1.3.6.1.4.1.6822.1.1.11" id="mailAlternative" />
<AttributeRule Name="urn:oid:1.3.6.1.4.1.6822.1.1.22" id="groupID" />
<AttributeRule Name="urn:oid:1.3.6.1.4.1.6822.1.1.38" id="misAffiliation" />
</Attributes>
