From af0294d5f773bc071128b1ec1712c62f587c7b0a Mon Sep 17 00:00:00 2001
From: Markus Krogh
Date: Wed, 27 Sep 2017 17:30:38 +0200
Subject: eduPersonEntitlement without scritpt :)
---
 apache-sp/apache-conf/sp.conf | 5 +-
 apache-sp/secure/index.shtml | 1 +
 idp/template-config/attribute-filter.xml | 179 ++++++++++++++++++++++-------
 idp/template-config/attribute-resolver.xml | 43 ++++++-
 idp/template-config/test.xml | 57 ---------
 5 files changed, 185 insertions(+), 100 deletions(-)
 delete mode 100644 idp/template-config/test.xml
diff --git a/apache-sp/apache-conf/sp.conf b/apache-sp/apache-conf/sp.conf
index 6678f8e..587004d 100644
--- a/apache-sp/apache-conf/sp.conf
+++ b/apache-sp/apache-conf/sp.conf
@@ -45,9 +45,9 @@ SSLHonorCipherOrder on
 ShibRequireSession On
 require valid-user
 Options +Includes
- Header set X_REMOTE_USER %{eduPersonPrincipalName}e
+ Header set X_REMOTE_USER %{eppn}e
 Header set UID %{uid}e
- Header set EPPN %{eduPersonPrincipalName}e
+ Header set EPPN %{eppn}e
 Header set MAIL %{mail}e
 Header set GIVENNAME %{givenName}e
 Header set DISPLAYNAME %{displayName}e
@@ -55,6 +55,7 @@ SSLHonorCipherOrder on
 Header set AFFILIATION %{affiliation}e
 Header set UNSCOPED_AFFILIATION %{unscoped_affiliation}e
 Header set EMPLOYEETYPE %{employeeType}e
+ Header set EDU_PERSON_ENTITLEMENT %{entitlement}e
 AddType text/html .shtml
 AddOutputFilter INCLUDES .shtml
diff --git a/apache-sp/secure/index.shtml b/apache-sp/secure/index.shtml
index f22666f..bd8233d 100644
--- a/apache-sp/secure/index.shtml
+++ b/apache-sp/secure/index.shtml
@@ -19,6 +19,7 @@
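Review bot: The added `Header set EDU_PERSON_ENTITLEMENT %{entitlement}e` in the second sp.conf hunk, like the two `%{eppn}e` lines in the first, is unconditional, so when the session carries no such attribute mod_headers writes the literal `(null)` into the header instead of omitting it. Guarding the line on the variable avoids that: `Header set EDU_PERSON_ENTITLEMENT %{entitlement}e env=entitlement`. `Header set` also produces response headers, so the entitlement values are returned to the browser and to any proxy or log on the way; if they are meant for an application behind Apache rather than for display on the test page, that would be `RequestHeader set`, with any client-supplied copy of the same header unset first. The names `eppn` and `entitlement` presumably have to match ids in the SP's attribute-map.xml, which is not part of this diff. The enclosing configuration block starts and ends outside both hunks.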
  • employeeType:
  • Affiliation:
  • Unscoped affiliation:
  • +
  • eduPersonEntitlement:
  • diff --git a/idp/template-config/attribute-filter.xml b/idp/template-config/attribute-filter.xml index 4543e99..eae2abe 100644 --- a/idp/template-config/attribute-filter.xml +++ b/idp/template-config/attribute-filter.xml @@ -13,44 +13,145 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd"> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/idp/template-config/attribute-resolver.xml b/idp/template-config/attribute-resolver.xml index e761920..1020fc4 100644 --- a/idp/template-config/attribute-resolver.xml +++ b/idp/template-config/attribute-resolver.xml @@ -106,8 +106,28 @@ - - + + + + + urn:x-ldapgroup:ndn-sysadmin + cn=ndn-sysadmin,ou=groups,dc=nordu,dc=net + + + urn:x-ldapgroup:ndn-netadmin + cn=ndn-netadmin,ou=groups,dc=nordu,dc=net + + + urn:x-ldapgroup:ndn-secadmin + cn=ndn-secadmin,ou=groups,dc=nordu,dc=net + + + + + + + +
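Review bot: The entitlement values added in the attribute-resolver.xml hunk use the `urn:x-ldapgroup:` prefix, a namespace nobody owns, so a relying party that authorises on `urn:x-ldapgroup:ndn-sysadmin` cannot tell this IdP's assertion from the same string sent by another IdP unless it also pins the issuer. A URN or https prefix under a domain the organisation controls would make the value attributable. The group DNs (`cn=ndn-sysadmin,ou=groups,dc=nordu,dc=net` and the two siblings) are hard-coded in a file under template-config, and presumably the match is exact and case-sensitive, so a directory returning a differently cased DN would drop the entitlement silently. A comment above the map such as `<!-- group DN -> eduPersonEntitlement; must match the directory's DN spelling and the release rules in attribute-filter.xml -->` would record that dependency. The element markup of this hunk and of the attribute-filter.xml hunk is not legible on this page, so which relying parties receive these values could not be checked.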