shibboleth attribute (org. name) for Affiliation in Dataverse

59 views
Skip to first unread message

ofu...@gmail.com

unread,
Oct 19, 2017, 7:26:33 AM10/19/17
to Dataverse Users Community

Hi,

We have added the attributes eduPersonOrgDN: eduOrgLegalName and eduPersonOrgDN: o to the FEIDE service (a solution for secure identification in the education sector in Norway)  for our Dataverse.no. We need one of these attributes to go through shibboleth and then into Dataverse since we need organizational name/value to be assigned to “Affiliation”.

 

We have put the following in shibboleth’s attribute-map.xml for eduPersonPrincipalName (givenName, mail, sn og uid):

 

    <Attribute name="urn:oid:2.5.4.42" id="givenName"/>

    <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>

    <Attribute name="urn:oid:2.5.4.4" id="sn"/>

    <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>

 

But we can’t figure out an equivalent for eduPersonOrgDN:eduOrgLegalName. We understand that “name” should be urn:oid:1.3.6.1.4.1.5923.1.2.1.4, but we don’t know how to set id for it to work.

 

Anyone that can help  or point me on the right direction?

 

Thanks in advance.


Ofuuzo

Philip Durbin

unread,
Oct 19, 2017, 8:07:36 AM10/19/17
to dataverse...@googlegroups.com
Hi Ofuuzo,

This will require a code change because right now (Dataverse 4.8.1 is the current version) when you log in through Shibboleth "affiliation" will be whatever the "display name" comes out of the InCommon metadata. In practice, this data is exposed to Dataverse in JSON format at a URL called "DiscoFeed" (for "discovery feed") like this:


This feature was developed in https://github.com/IQSS/dataverse/issues/1497

I can understand how you'd want more granularity or a different value. Can you please open a new issue describing what you want?

Thanks!

Phil

p.s. Please note that we bounced around the idea of bringing the Shibboleth login experience more in line with ORCID/GitHub/Google login where values like "affiliation" are pre-populated when users create accounts but users can change them later if they want. Some thinking in this area is captured in https://github.com/IQSS/dataverse/issues/3486 but I closed that issue a while ago because it seemed like a low priority. If anyone wants to open a new issue about that, that's fine too.



--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-community+unsub...@googlegroups.com.
To post to this group, send email to dataverse-community@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/6d07beac-69ff-43db-b1da-007f7ee96018%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--

ofu...@gmail.com

unread,
Oct 19, 2017, 8:17:00 AM10/19/17
to Dataverse Users Community
Thanks Philip

Ofuuzo


torsdag 19. oktober 2017 14.07.36 UTC+2 skrev Philip Durbin følgende:
Hi Ofuuzo,

This will require a code change because right now (Dataverse 4.8.1 is the current version) when you log in through Shibboleth "affiliation" will be whatever the "display name" comes out of the InCommon metadata. In practice, this data is exposed to Dataverse in JSON format at a URL called "DiscoFeed" (for "discovery feed") like this:


This feature was developed in https://github.com/IQSS/dataverse/issues/1497

I can understand how you'd want more granularity or a different value. Can you please open a new issue describing what you want?

Thanks!

Phil

p.s. Please note that we bounced around the idea of bringing the Shibboleth login experience more in line with ORCID/GitHub/Google login where values like "affiliation" are pre-populated when users create accounts but users can change them later if they want. Some thinking in this area is captured in https://github.com/IQSS/dataverse/issues/3486 but I closed that issue a while ago because it seemed like a low priority. If anyone wants to open a new issue about that, that's fine too.


On Thu, Oct 19, 2017 at 7:26 AM, <ofu...@gmail.com> wrote:

Hi,

We have added the attributes eduPersonOrgDN: eduOrgLegalName and eduPersonOrgDN: o to the FEIDE service (a solution for secure identification in the education sector in Norway)  for our Dataverse.no. We need one of these attributes to go through shibboleth and then into Dataverse since we need organizational name/value to be assigned to “Affiliation”.

 

We have put the following in shibboleth’s attribute-map.xml for eduPersonPrincipalName (givenName, mail, sn og uid):

 

    <Attribute name="urn:oid:2.5.4.42" id="givenName"/>

    <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>

    <Attribute name="urn:oid:2.5.4.4" id="sn"/>

    <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>

 

But we can’t figure out an equivalent for eduPersonOrgDN:eduOrgLegalName. We understand that “name” should be urn:oid:1.3.6.1.4.1.5923.1.2.1.4, but we don’t know how to set id for it to work.

 

Anyone that can help  or point me on the right direction?

 

Thanks in advance.


Ofuuzo

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-community+unsub...@googlegroups.com.
To post to this group, send email to dataverse...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages