...
Note: I am still working to determine the best way to handle IDP 1.3 configuration. Since OID-based attribute naming is a SAML 2 specification, it is difficult for 1.3 IDPs to just support OID-based attribute names. The example below is a guess. I am currently testing/researching whether it works. Stay tuned. With the example below, both attributes have to be released to an application in order for the OID-based attribute to work. If the MACE-defined attribute is not released as well, the OID-based attribute will not be inline scoped and thus will be rejected by the SP's attribute-policy.
Edit resolver.xml to include the following configuration:
```xml
<!-- replace 'urn:mace:ucla.edu:edimi:attributes:uclaLogonID' with the name of your NetID attribute -->
<SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName" smartScope="ucla.edu">
    <AttributeDependency requires="urn:mace:ucla.edu:edimi:attributes:uclaLogonID" />
</SimpleAttributeDefinition>
<!-- OID-named eppn, sourced from the MACE-named definition above -->
<SimpleAttributeDefinition id="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" sourceName="urn:mace:dir:attribute-def:eduPersonPrincipalName">
    <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonPrincipalName"/>
</SimpleAttributeDefinition>
```
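The OID-named definition only carries a scope if the MACE-named definition it is sourced from exists, is declared as a dependency, and has `smartScope` set. The following is an added example, not part of the original page or of Shibboleth: a small check for that chain in a resolver.xml. The function name `lint_resolver`, the wrapper root element and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two definitions from this page inside a wrapper root.
SAMPLE = """<AttributeResolver>
  <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName" smartScope="ucla.edu">
    <AttributeDependency requires="urn:mace:ucla.edu:edimi:attributes:uclaLogonID"/>
  </SimpleAttributeDefinition>
  <SimpleAttributeDefinition id="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
      sourceName="urn:mace:dir:attribute-def:eduPersonPrincipalName">
    <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonPrincipalName"/>
  </SimpleAttributeDefinition>
</AttributeResolver>"""


def local(tag):
    """Strip any XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def lint_resolver(xml_text):
    """Return a list of problems with sourceName-based attribute definitions."""
    root = ET.fromstring(xml_text)
    defs = {e.get("id"): e for e in root.iter()
            if local(e.tag) == "SimpleAttributeDefinition"}
    problems = []
    for attr_id, elem in defs.items():
        source = elem.get("sourceName")
        if source is None:
            continue  # not sourced from another definition
        requires = {c.get("requires") for c in elem
                    if local(c.tag) == "AttributeDependency"}
        if source not in requires:
            problems.append(f"{attr_id}: no AttributeDependency on {source}")
        target = defs.get(source)
        if target is None:
            problems.append(f"{attr_id}: sourceName {source} is not defined")
        elif not target.get("smartScope"):
            # Assumption from this page: scope comes from the source definition.
            problems.append(f"{attr_id}: source {source} has no smartScope")
    return problems


if __name__ == "__main__":
    for line in lint_resolver(SAMPLE) or ["resolver definitions are consistent"]:
        print(line)
```

This checks only the resolver side; whether both attributes are actually released to a given application is decided by the release policy and has to be verified separately.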
Configuring eppn in IDP 2.1
...