IDEM Conf Service
The attributes in use in the IDEM Federation are listed in the PDF document Technical specifications for the compilation and use of attributes. For the eduPersonScopedAffiliation attribute, there is a dedicated in-depth page available: Attribute Affiliation (italian).
Configuration File
Attribute Resolver
The Attribute Resolver for Shibboleth Identity Provider is the configuration file where:
- attributes are defined
- the sources of their values are linked (e.g. Data Collector)
- values are collected, to be released according to the rules defined in the Attribute Filter.
Further details on the Attribute Resolver service are available in HowToReleaseAttributesShibv4 (italian).
Shibboleth Identity Provider
For illustrative purposes, the IDEM Service distributes the following Attribute Resolvers, which work on Shibboleth Identity Providers installed and configured following the guides (italian) maintained by the Service. They are provided to minimize problems caused by missing support for attributes used in the IDEM Federation:
- Attribute Resolver for Shibboleth IdP >= 5.0.0:
- Attribute Resolver for Shibboleth IdP >= 4.0.1:
- Attribute Resolver for Shibboleth IdP < 3.3.x - DEPRECATED:
- Attribute Resolver for Shibboleth IdP >= 3.3.x - DEPRECATED:
- Attribute Resolver for Shibboleth IdP >= 3.4.x - DEPRECATED:
Attribute Filter
The Attribute Filter for an Identity Provider is the configuration file that governs the release of attributes to federated resources.
For illustrative purposes, the IDEM Service distributes working configuration files for Shibboleth Identity Provider and simpleSAMLphp Identity Provider installations that were installed and configured following the guides (italian) curated by the Service itself. They are provided to minimize problems caused by Federation Members failing to release attributes.
Types of Attribute Filter
| Attribute Filter | Description |
|---|---|
| custom | Contains rules for releasing attributes to resources that follow special rules on released values or do not declare attributes in metadata. |
| ec | Contains the attribute release rules for SPs implementing the Entity Category. |
| fed | Contains rules for the release of: all possible attributes to IDEM Test SPs; all attributes needed by the IDEM Entity Registry; all attributes needed for access to federated resources in IDEM (italian); eduPersonTargetedID (if the “persistent” NameID is not supported or if not listed as RequestedAttribute in the SP metadata); eduPersonScopedAffiliation to all IDEM resources (see Technical Specifications for Attribute Release (italian) for information on the values used in IDEM). |
| full | Contains the rules for releasing the attributes of fed, custom and ec. |
Shibboleth Attribute Filter
| Attribute Filter | IDP Version | ARP Shibboleth |
|---|---|---|
| full | >= 5.0.0 | idem-attribute-filter-shib-v5-full.xml |
| fed | >= 5.0.0 | idem-attribute-filter-shib-v5-fed.xml |
| custom | >= 5.0.0 | idem-attribute-filter-shib-v5-custom.xml |
| ec | >= 5.0.0 | idem-attribute-filter-shib-v5-ec.xml |
| full | >= 4.0.1 (DEPRECATED) | idem-attribute-filter-shib-v4-full.xml |
| fed | >= 4.0.1 (DEPRECATED) | idem-attribute-filter-shib-v4-fed.xml |
| custom | >= 4.0.1 (DEPRECATED) | idem-attribute-filter-shib-v4-custom.xml |
| ec | >= 4.0.1 (DEPRECATED) | idem-attribute-filter-shib-v4-ec.xml |
| full | >= 3.2.0 (DEPRECATED) | idem-attribute-filter-shib-v3-full.xml |
| fed | >= 3.2.0 (DEPRECATED) | idem-attribute-filter-shib-v3-fed.xml |
| custom | >= 3.2.0 (DEPRECATED) | idem-attribute-filter-shib-v3-custom.xml |
| ec | >= 3.2.0 (DEPRECATED) | idem-attribute-filter-shib-v3-ec.xml |
SimpleSAMLphp Attribute Filter
| Attribute Filter | IDP Version | ARP SimpleSAMLphp |
|---|---|---|
| full | 2.x.x | idem-attribute-filter-ssp-v2x-full.php |
| full | 1.x.x (DEPRECATED) | idem-attribute-filter-ssp-v1x-full.php |