| Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
docpublic:systemes:persistentnameid [2022/05/02 21:00]
adminjp [test / validate with aacli] |
docpublic:systemes:persistentnameid [2022/05/03 08:20] (current)
adminjp [idp v4 logs] |
| |
| === idp v4 === | === idp v4 === |
| | |
| | quite the same as in V3 , except here we choose mail attribute and validate advice to use BASE32 encoding |
| |
| <code> | <code> |
| |
| === idp v4 === | === idp v4 === |
| | |
| | uncomment bean="shibboleth.SAML2PersistentGenerator" |
| |
| <code> | <code> |
| | [root@idp4 conf]# vim saml-nameid.xml |
| | |
| <!-- SAML 2 NameID Generation --> | <!-- SAML 2 NameID Generation --> |
| <util:list id="shibboleth.SAML2NameIDGenerators"> | <util:list id="shibboleth.SAML2NameIDGenerators"> |
| </code> | </code> |
| |
| | === resolver idp 4 === |
| | |
| | xml syntaxe changes sligthly : |
| | |
| | <code> |
| | [root@idp4 conf]# vim attribute-resolver-ldap.xml |
| | |
| | <!-- jeh edupersonTargetedID eduroam monitor --> |
| | <AttributeDefinition xsi:type="SAML2NameID" id="eduPersonTargetedID" |
| | nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" > |
| | <InputDataConnector ref="computed" attributeNames="computedId" /> |
| | <AttributeEncoder xsi:type="SAML1XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" /> |
| | <AttributeEncoder xsi:type="SAML2XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" /> |
| | </AttributeDefinition> |
| | |
| | <!-- jeh edupersonTargetedID eduroam monitor --> |
| | <DataConnector id="computed" xsi:type="ComputedId" |
| | excludeResolutionPhases="c14n/attribute" |
| | generatedAttributeID="computedId" |
| | salt="%{idp.persistentId.salt}" |
| | algorithm="%{idp.persistentId.algorithm:SHA}" |
| | encoding="BASE32"> |
| | |
| | <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}" /> |
| | |
| | </DataConnector> |
| | </code> |
| |
| ===== test / validate with aacli ====== | ===== test / validate with aacli ====== |
| |
| <code> | <code> |
| 2022-05-02 22:50:53,593 - 157.159.21.19 - INFO [Shibboleth-Audit.SSO:283] - 157.159.21.19|2022-05-02T20:50:25.379162Z|2022-05-02T20:50:53.593227Z|procac|https://monitor.eduroam.org/sp/module.php/saml/sp/metadata.php/default-sp|_5265b1224215d57621ebc3dd7e2263a5|password|2022-05-02T20:50:41.088993Z|mail,eduPersonTargetedID,displayName|AAdzZWNyZXQxfd6FaL2H/oTzHRhzrhRYxB4SV1aFGDPXSKgf8zyheoU7yyMyorGzsRIiss4rp0v/kQTJARgY693ws9C2ZVVfJ1AguusrwvXlzIDKsXNispCRrjWnL7UOuyXxgfPo1I9EopKzRRcf0HI2RXd9cRI7UQIuuI1ufkrTMS/TzuuSEZzd96bfeUA=|transient|false|true|AES128-CBC|Redirect|POST||Success||d2c06d37c962ed62666b31a6791aaf0a1b27467c8719dcbb865de58ed67b78f5|Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.3 | 2022-05-02 22:50:53,593 - 157.159.10.9 - INFO [Shibboleth-Audit.SSO:283] - 157.159.10.9|2022-05-02T20:50:25.379162Z|2022-05-02T20:50:53.593227Z|procac|https://monitor.eduroam.org/sp/module.php/saml/sp/metadata.php/default-sp|_5265b1224215d57621ebc3dd7e2263a5|password|2022-05-02T20:50:41.088993Z|mail,eduPersonTargetedID,displayName|AAdzZWNyZXQxfd6FaL2H/oTzHRhzrhRYxB4SV1aFGDPXSKgf8zyheoU7yyMyorGzsRIiss4rp0v/kQTJARgY693ws9C2ZVVfJ1AguusrwvXlzIDKsXNispCRrjWnL7UOuyXxgfPo1I9EopKzRRcf0HI2RXd9cRI7UQIuuI1ufkrTMS/TzuuSEZzd96bfeUA=|transient|false|true|AES128-CBC|Redirect|POST||Success||d2c06d37c962ed62666b31a6791aaf0a1b27467c8719dcbb865de58ed67b78f5|Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.3 |
| </code> | </code> |
| |
