...


1. Define any custom attributes that will be needed in attribute-resolver.xml (there may be only a single attribute).

 

```xml
<!-- cccEduID - only needed if LDAP contains this attribute, edit sourceAttributeID as appropriate -->
<!--
<resolver:AttributeDefinition xsi:type="ad:Simple" id="cccEduId" sourceAttributeID="cccEduId">
    <resolver:Dependency ref="myLDAP" />
    <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:cccEduId" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:mace:dir:attribute-def:cccEduId" />
</resolver:AttributeDefinition>
-->
```

 

**There will also need to be a way of sending the correct eduPersonAffiliation attribute, with a value of 'staff'. There are many ways to do that, all of which are beyond the scope of this short document (unless, of course, the institution already has that attribute in its LDAP, in which case simply uncommenting the existing definition for eduPersonAffiliation in attribute-resolver.xml will do the trick).

...



3. Configure the SAML metadata for the CCC applications by editing metadata-providers.xml, inside the "chaining" <MetadataProvider> section.

Note: Be sure to add the referenced local file with content below first.

...


 

```xml
<!-- OpenCCC Metadata, locally maintained -->
<MetadataProvider id="OpenCCCSPfileMD" xsi:type="FilesystemMetadataProvider"
        metadataFile="C:\opt\shibboleth-idp/metadata/OpenCCCSP-static-metadata.xml"
        maxRefreshDelay="P1D" />
```

 



4. Configure Shibboleth to release the appropriate information to the CCC applications by editing attribute-filter.xml

...

 

```xml
<AttributeFilterPolicy id="releaseForOpenCCCAdminSP">
    <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://admin.openccc.net/shibboleth" />

    <AttributeRule attributeID="givenName">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
    <AttributeRule attributeID="surname">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
    <AttributeRule attributeID="email">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
    <AttributeRule attributeID="eduPersonPrincipalName">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
    <AttributeRule attributeID="displayName">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
    <AttributeRule attributeID="eduPersonAffiliation">
        <PermitValueRule xsi:type="basic:OR">
            <basic:Rule xsi:type="basic:AttributeValueString" value="faculty" ignoreCase="true" />
            <basic:Rule xsi:type="basic:AttributeValueString" value="student" ignoreCase="true" />
            <basic:Rule xsi:type="basic:AttributeValueString" value="staff" ignoreCase="true" />
            <basic:Rule xsi:type="basic:AttributeValueString" value="alum" ignoreCase="true" />
            <basic:Rule xsi:type="basic:AttributeValueString" value="member" ignoreCase="true" />
            <basic:Rule xsi:type="basic:AttributeValueString" value="affiliate" ignoreCase="true" />
            <basic:Rule xsi:type="basic:AttributeValueString" value="employee" ignoreCase="true" />
            <basic:Rule xsi:type="basic:AttributeValueString" value="library-walk-in" ignoreCase="true" />
        </PermitValueRule>
    </AttributeRule>
</AttributeFilterPolicy>

<AttributeFilterPolicy id="releaseForOpenCCCControlSP">
    <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://ci.control.openccc.net/shibboleth" />

    <AttributeRule attributeID="givenName">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
    <AttributeRule attributeID="surname">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
    <AttributeRule attributeID="email">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
    <AttributeRule attributeID="eduPersonPrincipalName">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
    <AttributeRule attributeID="displayName">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
    <AttributeRule attributeID="eduPersonAffiliation">
        <PermitValueRule xsi:type="basic:OR">
            <basic:Rule xsi:type="basic:AttributeValueString" value="faculty" ignoreCase="true" />
            <basic:Rule xsi:type="basic:AttributeValueString" value="student" ignoreCase="true" />
            <basic:Rule xsi:type="basic:AttributeValueString" value="staff" ignoreCase="true" />
            <basic:Rule xsi:type="basic:AttributeValueString" value="alum" ignoreCase="true" />
            <basic:Rule xsi:type="basic:AttributeValueString" value="member" ignoreCase="true" />
            <basic:Rule xsi:type="basic:AttributeValueString" value="affiliate" ignoreCase="true" />
            <basic:Rule xsi:type="basic:AttributeValueString" value="employee" ignoreCase="true" />
            <basic:Rule xsi:type="basic:AttributeValueString" value="library-walk-in" ignoreCase="true" />
        </PermitValueRule>
    </AttributeRule>
</AttributeFilterPolicy>
```
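To confirm what the step 4 release policy hands to a given SP, the following added example (not part of the original page and not Shibboleth's own code) evaluates a trimmed copy of the admin policy against constructed resolver output. It covers only the rule types used on this page (ANY, OR, AttributeValueString) and denies everything else; the wrapping `AttributeFilterPolicyGroup` element, the namespace URIs and the sample user values are assumptions.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Constructed sample: trimmed copy of the page's admin policy; namespace URIs are assumed.
POLICY_XML = """<AttributeFilterPolicyGroup xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeFilterPolicy id="releaseForOpenCCCAdminSP">
    <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://admin.openccc.net/shibboleth" />
    <AttributeRule attributeID="email"><PermitValueRule xsi:type="basic:ANY" /></AttributeRule>
    <AttributeRule attributeID="eduPersonAffiliation">
      <PermitValueRule xsi:type="basic:OR">
        <basic:Rule xsi:type="basic:AttributeValueString" value="staff" ignoreCase="true" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="student" ignoreCase="true" />
      </PermitValueRule></AttributeRule>
  </AttributeFilterPolicy></AttributeFilterPolicyGroup>"""
RESOLVED = {"email": ["a.user@example.edu"], "cccEduId": ["ABC1234"],  # constructed values
            "eduPersonAffiliation": ["Staff", "contractor"]}

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix

def xsi_type(el):
    return el.get(XSI_TYPE, "").split(":")[-1]  # "basic:ANY" -> "ANY"

def permitted(rule, value):
    # Only the three value-rule types used on this page; anything else denies.
    kind = xsi_type(rule)
    if kind == "ANY":
        return True
    if kind == "OR":
        return any(permitted(child, value) for child in rule)
    if kind == "AttributeValueString":
        fold = str.lower if rule.get("ignoreCase") == "true" else str
        return fold(value) == fold(rule.get("value", ""))
    return False

def released(policy_xml, requester, resolved):
    # Returns {attributeID: [values]} that the policies release to one SP entityID.
    out = {}
    for policy in ET.fromstring(policy_xml):
        req = next((c for c in policy if local(c.tag) == "PolicyRequirementRule"), None)
        if req is None or xsi_type(req) != "AttributeRequesterString" or req.get("value") != requester:
            continue  # policy is not addressed to this SP
        for rule in (c for c in policy if local(c.tag) == "AttributeRule"):
            permits = [p for p in rule if local(p.tag) == "PermitValueRule"]
            kept = [v for v in resolved.get(rule.get("attributeID"), []) if any(permitted(p, v) for p in permits)]
            if kept:
                out[rule.get("attributeID")] = kept
    return out
```

With the constructed input, `cccEduId` and the `contractor` affiliation are withheld because no rule permits them, and an entityID with no matching policy receives nothing.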



5. Send your IdP metadata file to the CCCTC Implementation team.

...