eduPersonEntitlement


Sakhi Hadebe

Jul 3, 2015, 5:01:12 AM
to simple...@googlegroups.com
Hi,

We have just installed the DJNRO application. We are trying to enable the federation login using the shibboleth software.

One of the mandatory attributes, eduPersonEntitlement, the service provider requires is not released by our IdP. 

Is there a way of defining it on authproc.idp in the config/config.php file or creating a scope for it?


I need help.

--
Regards,
Sakhi Hadebe
Engineer: South African National Research Network (SANReN) Competency Area, Meraka, CSIR
 
Tel:   +27 12 841 2308
Fax:   +27 12 841 4223
Cell:  +27 71 331 9622
Email: sa...@sanren.ac.za

Jaime Perez Crespo

Jul 3, 2015, 5:10:30 AM
to simple...@googlegroups.com
Hi,

> On 03 Jul 2015, at 11:01 am, Sakhi Hadebe <sa...@sanren.ac.za> wrote:
> Hi,
>
> We have just installed the DJNRO application. We are trying to enable the federation login using the shibboleth software.
>
> One of the mandatory attributes, eduPersonEntitlement, the service provider requires is not released by our IdP.
>
> Is there a way of defining it on authproc.idp in the config/config.php file or creating a scope for it?

Should I understand that you are using SimpleSAMLphp in your IdP?

In that case:

https://simplesamlphp.org/docs/stable/simplesamlphp-reference-sp-remote

--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost


Peter Schober

Jul 3, 2015, 6:03:50 AM
to simple...@googlegroups.com
* Sakhi Hadebe <sa...@sanren.ac.za> [2015-07-03 11:01]:
> One of the mandatory attributes, eduPersonEntitlement, the service provider
> requires is not released by our IdP.

Also note that you may choose to not require that entitlement for
DjNRO logins anyway. We found that completely unnecessary and configured
DjNRO to not require it (by setting SHIB_AUTH_ENTITLEMENT = '').

Getting all IDPs to configure that entitlement for selected people
only to be able to access DjNRO and document WiFi Access Point
locations isn't worth the trouble, IMO.
-peter

Peter Schober

Jul 3, 2015, 6:07:41 AM
to simple...@googlegroups.com
* Jaime Perez Crespo <jaime...@uninett.no> [2015-07-03 11:10]:
> https://simplesamlphp.org/docs/stable/simplesamlphp-reference-sp-remote

Those files will be replaced on each metarefresh invocation (a
function of SSP not differentiating between software configuration and
metadata for remote SPs).
How is it possible to configure things for an SP without
a. losing it on the next metadata update, or
b. throwing additional tooling at the problem?
(downloading, validating and diffing metadata yourself, or using
something like https://github.com/gollmann/MetaMerge)
-peter

Jaime Perez Crespo

Jul 3, 2015, 6:59:13 AM
to simple...@googlegroups.com
Haven't tried myself, but I guess it could be possible to have several sources of metadata, and add / modify the metadata that you already got dynamically from another source. If that doesn't work, you could also do it programmatically, by doing the merge on your own, i.e. using the saml20-sp-remote.php to load metadata files generated by metarefresh, then override them or modify the entities according to the rules you need.
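One way to release eduPersonEntitlement for the DjNRO SP from the IdP side, without touching the metarefresh-managed saml20-sp-remote.php files that Peter's message worries about, is a custom SimpleSAMLphp 1.x authproc filter enabled from config.php under 'authproc.idp' (the key the original question asks about). This is an added example, not code from any poster or from the DjNRO or SimpleSAMLphp projects; the module name "djnro", the SP entity ID, the entitlement URN and the list of allowed users are placeholders.

```php
<?php
// modules/djnro/lib/Auth/Process/AddEntitlement.php  (module name "djnro" is a placeholder)
// SimpleSAMLphp 1.x authproc filter: adds eduPersonEntitlement for one SP and
// listed users only, so nothing in metarefresh-managed saml20-sp-remote.php is edited.
class sspmod_djnro_Auth_Process_AddEntitlement extends SimpleSAML_Auth_ProcessingFilter
{
    private $spEntityId, $entitlement, $allowedUsers;

    public function __construct($config, $reserved)
    {
        parent::__construct($config, $reserved);
        foreach (['spEntityId', 'entitlement', 'allowedUsers'] as $key) {
            if (empty($config[$key])) {
                throw new SimpleSAML_Error_Exception("AddEntitlement: missing option '$key'");
            }
        }
        $this->spEntityId   = (string) $config['spEntityId'];
        $this->entitlement  = (string) $config['entitlement'];
        $this->allowedUsers = array_values((array) $config['allowedUsers']);
    }

    public function process(&$state)
    {
        // On the IdP side $state['Destination'] is the remote SP's metadata.
        $sp = isset($state['Destination']['entityid']) ? $state['Destination']['entityid'] : null;
        if ($sp !== $this->spEntityId) {
            return; // some other SP: release nothing extra
        }
        $attrs = &$state['Attributes'];
        $eppn = isset($attrs['eduPersonPrincipalName'][0]) ? $attrs['eduPersonPrincipalName'][0] : null;
        if ($eppn === null || !in_array($eppn, $this->allowedUsers, true)) {
            return; // user not on the allow-list: no entitlement
        }
        if (empty($attrs['eduPersonEntitlement'])) {
            $attrs['eduPersonEntitlement'] = [];
        }
        if (!in_array($this->entitlement, $attrs['eduPersonEntitlement'], true)) {
            $attrs['eduPersonEntitlement'][] = $this->entitlement; // attribute is multi-valued
        }
    }
}

/* config/config.php: the filter runs for every SP but only acts on the matching entity ID.
'authproc.idp' => [
    50 => [
        'class'        => 'djnro:AddEntitlement',
        'spEntityId'   => 'https://djnro.example.org/shibboleth', // placeholder: DjNRO SP entityID
        'entitlement'  => 'urn:mace:example.org:djnro:admin',     // placeholder: value the SP expects
        'allowedUsers' => ['alice@example.org'],                  // placeholder: ePPNs allowed in
    ],
],
*/
```

Enable the module with an empty modules/djnro/enable file so the class autoloads. SimpleSAMLphp 2.x instead expects the namespaced base class \SimpleSAML\Auth\ProcessingFilter and the signature process(array &$state): void.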