ECA Auth AuthnID -calculation implementation for Shibboleth Identity Provider 3

mpassid/shibboleth-idp-attribute-authnid

ECA AuthnID calculator

Overview

This module is a Data Connector plugin for Shibboleth Identity Provider v3. It implements the AuthnID calculation part of the ECA Auth Proxy module, as defined in EduCloud Alliance's ECA Authentication standard. In short, this module can be used to calculate a unique, privacy-preserving identifier for authenticated principals.

Prerequisites and compilation

mvn package

After successful compilation, the target directory contains shibboleth-idp-attribute-authnid-<version>.zip.

Deployment

After compilation, target/idp-attribute-impl-authnid-<version>.jar must be deployed to the IdP web application. Depending on the IdP installation, the module can be deployed, for instance, with the following sequence:

cp target/idp-attribute-impl-authnid-<version>.jar /opt/shibboleth-idp/edit-webapp/WEB-INF/lib
cd /opt/shibboleth-idp
sh bin/build.sh

The final command rebuilds the WAR package for the IdP application.

Configuration

XML-namespace settings

In addition to the existing ones, the attribute-resolver.xml must contain the following XML-namespace declarations to activate the module:

xmlns:ecaid="fi.mpass.shibboleth.attribute.dc.authnid"
xsi:schemaLocation="fi.mpass.shibboleth.attribute.dc.authnid classpath:/eca-authnid-connector.xsd"

The following configuration attributes are available for the DataConnector itself:

  • srcAttributeNames: Comma-separated list of attribute names to be used for calculating the authnID.
  • destAttributeName: Name of the destination attribute in which the calculated authnID is set.
  • prefixSalt (optional): The prefix salt to be prepended before calculating the authnID.
  • postfixSalt (optional): The postfix salt to be appended before calculating the authnID.
  • minInputLength (optional): The minimum length of the unsalted input before calculating the authnID. Default 10.
  • skipCalculation (optional): Comma-separated list of 'attribute_name'='attribute_value' pairs for skipping the authnID calculation.
  • skipCalculationSrc (optional): The source attribute whose value is used for the destination attribute if the authnID calculation has been skipped (see skipCalculation).

An example snippet of a minimal configuration in attribute-resolver.xml, which uses the uid attribute as the source and releases the calculated result as a SAML attribute with the friendly name authnid:

<resolver:AttributeDefinition id="authnid" xsi:type="ad:Simple">
    <resolver:Dependency ref="calculateAuthnId" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:TODO:namespace:authnID" friendlyName="authnid" encodeType="false" />
</resolver:AttributeDefinition>

<resolver:DataConnector id="calculateAuthnId" xsi:type="ecaid:AuthnIdDataConnector" srcAttributeNames="uid" destAttributeName="authnid">
    <resolver:Dependency ref="uid" />
</resolver:DataConnector>
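
A fuller declaration that uses the optional attributes listed above, added here as an example and not taken from the project's own documentation. The attribute id schoolId, the salt strings and the minInputLength value are constructed placeholders, and the example assumes that each name in srcAttributeNames needs its own resolver:Dependency, as uid does in the minimal snippet.

```xml
<!-- Added example: schoolId, the salt strings and minInputLength="12" are
     constructed placeholders, not values from the project. -->
<resolver:AttributeDefinition id="authnid" xsi:type="ad:Simple">
    <resolver:Dependency ref="calculateAuthnId" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:TODO:namespace:authnID" friendlyName="authnid" encodeType="false" />
</resolver:AttributeDefinition>

<!-- srcAttributeNames: two source attributes, comma-separated.
     prefixSalt / postfixSalt: deployment-specific secrets; generate long
         random strings and replace the placeholders below.
     minInputLength: raised from the default of 10 to 12 for the unsalted
         input. -->
<resolver:DataConnector id="calculateAuthnId"
        xsi:type="ecaid:AuthnIdDataConnector"
        srcAttributeNames="uid,schoolId"
        destAttributeName="authnid"
        prefixSalt="REPLACE_WITH_RANDOM_PREFIX_SALT"
        postfixSalt="REPLACE_WITH_RANDOM_POSTFIX_SALT"
        minInputLength="12">
    <!-- Assumption: one Dependency per source attribute, following the
         pattern of the minimal configuration. -->
    <resolver:Dependency ref="uid" />
    <resolver:Dependency ref="schoolId" />
</resolver:DataConnector>
```

Because the salts sit in attribute-resolver.xml in clear text, restrict read access to that file to the account running the IdP. Keep the salts stable once identifiers have been released, since changing either one changes the authnID calculated for every principal afterwards.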
