Skip to Content.

edugain-discuss - Re: [eduGAIN-discuss] Controlling which SPs have authentication access via Shibboleth

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive


Re: [eduGAIN-discuss] Controlling which SPs have authentication access via Shibboleth


Chronological Thread 
    < Chronological >      < Thread >
  • From: Albert Wu <awu AT internet2.edu>
  • To: Daniel Muscat <daniel.muscat AT um.edu.mt>, "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: Re: [eduGAIN-discuss] Controlling which SPs have authentication access via Shibboleth
  • Date: Thu, 25 Apr 2024 19:22:04 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=internet2.edu; dmarc=pass action=none header.from=internet2.edu; dkim=pass header.d=internet2.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6CjE2dx2hAmGG6wR9PrxBQ4NW/NIwUW6xkj6Vvj9Z78=; b=oUpyji2H5qXdJl5ZOKy6qHS1VtUbnRiHRB2Wt2DoYvsCIL/eC1plP8/tefLuvBEMKPgFbwRfNI2kh9LTJsUR4Q4uj/OUhm0sqWpn/DRNDm87fn0Io5eu1WWTltIaLaQycV7THmlOJTK2LjbGvMFMGtaDyBV07aKepPU41rHKPs878yJlDBhD5GqHrYC+ZatHRdxcU2u8fltiGJpBBr+bxZqKUVfFzkvNVeUdwc/69W9zMajdd/3euqQYo4quXKPg7OFDoKhiw3NlLB2F72hUFnHRndHQ0ZJ/7Wa426ZdBL5nbChSho035RNJ0muKnm35L2AWi6MjgEv2+7CoReAaNQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ic0pzdklhiu0b4+GflIjSMznjxFCDLt1zGFTX5YJxksTnJaIkxeFFJJJ26elCYYt3csF0wd8sdcB3+bgOAU4URo0+gkcPrbfKW1oP54OL4sLmZlbYA6ar+QSumZsswja1nLoorAfmhgGMF53v0boUXOWHnCbnqIFtK9XlG4an+DE+xY42DsrIF3I7mPrdwe8wGetk58bGs4spYfClYP1JCvtEENT3gdW7v8sFmtLKbjC5qt685ilH+F5bpyLEevBF77X3zz9sOmRYr6N9y3PiAvB7TexD2qbIQRGJ7BCjtUxOvZFkPaN6vGs2v9h0nNTypzJ6TcPmAVTsR/YtJ2b0w==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=internet2.edu;

Daniel,

 

If you are comfortable with editing XML,  the attribute-filter.xml, attribute-resolver.xml family of configuration files in Shibboleth are where you configure SP integration and attribute release policies:

https://shibboleth.atlassian.net/wiki/spaces/IDP5/pages/3199501794/AttributeFilterConfiguration

https://shibboleth.atlassian.net/wiki/spaces/IDP5/pages/3199502864/AttributeResolverConfiguration

 

For those of us who rather use a graphical interface, a Shibboleth IdP UI developed by Unicon and Internet2 is in public beta:

 

Datasheet:  https://www.unicon.net/hubfs/Shib_IdP_UI-datasheet.pdf

User Guide: https://spaces.at.internet2.edu/display/SMMU/Shibboleth+IdP+UI+User+Guide

 

albert

 

 

On 4/25/24, 11:13AM, "edugain-discuss-request AT lists.geant.org" <edugain-discuss-request AT lists.geant.org> wrote:

 

Dear all

 

 

I have successfully integrated a Shibboleth IDP to function as an intermediary for Azure AD. I followed your previous recommendation, which was helpful, and now I have another question. I need a system that can manage the list of Service Providers allowed for authentication and enable me to modify the attributes to send. Could you please suggest what you usually recommend to your clients or use yourself?

 

--

Thanks in advance

Daniel Muscat

RicerkaNet Identity Federation/University of Malta


The contents of this email are subject to these terms.


Archive powered by MHonArc 2.6.24.

Top of Page