Difference between revisions of "Shibboleth IDP3 Notes"

From GFIPM Implementation Wiki

Latest revision as of 18:41, 13 December 2016

About

This page is mostly just brainstorming about the use of IDP3.

Attributes from HTTP Headers

If anyone else should want to do this, this is an example of a Scripted Attribute that references an HTTP request header.

   <AttributeDefinition id="language" xsi:type="ScriptedAttribute" customObjectRef="shibboleth.HttpServletRequest">
       <AttributeEncoder xsi:type="SAML2String" name="https://idpx.uantwerpen.be/attributes/language" friendlyName="language" encodeType="false" />
       <Script>
         <![CDATA[
           // "custom" is the HttpServletRequest bound through customObjectRef
           var header = custom.getHeader('Accept-Language');
           // The header is client-supplied and may be absent; only add a value when it is present
           if (header != null) {
             language.addValue(header);
           }
           logger = Java.type("org.slf4j.LoggerFactory").getLogger("net.shibboleth.idp.attribute");
           logger.info("Values of language were : {}", language.getValues());
         ]]>
       </Script>
   </AttributeDefinition>

Sample MFA Code

I do something like this (to see if a token was requested):

     // Nashorn script fragment; "input" is the ProfileRequestContext handed to the script
     var AuthnContextClassRefPrincipal = Java.type("net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal");
     var logger = Java.type("org.slf4j.LoggerFactory").getLogger("net.shibboleth.idp.authn");
     var authCtx = input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext");
     // The RequestedPrincipalContext only exists when the SP sent a RequestedAuthnContext
     var rpCtx = (authCtx != null) ? authCtx.getSubcontext("net.shibboleth.idp.authn.context.RequestedPrincipalContext") : null;
     if (rpCtx != null) {
         var rps = rpCtx.getRequestedPrincipals();
         var tkp = new AuthnContextClassRefPrincipal("urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken");
         if (rps.contains(tkp)) {
             logger.debug("RP requested token login");
         }
     }
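The two checks on this page, the header-derived attribute and the requested-principal test, modelled in plain JavaScript as an added example (not code from this wiki or from the Shibboleth project) so the logic can be exercised outside the IdP. The function names parseAcceptLanguage, preferredLanguage and tokenLoginRequested are this example's own; the Accept-Language header is client-controlled, so the example validates it to a well-formed language tag instead of releasing the raw header value.

```javascript
// Added example, not from the wiki page or from Shibboleth itself.
const TIME_SYNC_TOKEN = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken";

// Only well-formed tags such as "en", "en-US" or "nl-BE" may be released;
// anything else in the client-supplied header is dropped.
const LANG_TAG = /^[a-z]{2,3}(-[a-z0-9]{2,8})*$/i;

// Parse an Accept-Language header into tags ordered by descending q-value.
// Wildcards, malformed tags and q=0 entries are discarded; null/empty gives [].
function parseAcceptLanguage(header) {
  if (!header) return [];
  return header
    .split(",")
    .map((part, idx) => {
      const [tag, ...params] = part.trim().split(";").map((s) => s.trim());
      let q = 1;
      for (const p of params) {
        const m = /^q=(\d(?:\.\d{1,3})?)$/i.exec(p);
        if (m) q = parseFloat(m[1]);
      }
      return { tag, q, idx };
    })
    .filter((e) => e.q > 0 && LANG_TAG.test(e.tag))
    .sort((a, b) => b.q - a.q || a.idx - b.idx)
    .map((e) => e.tag);
}

// The value the scripted attribute should carry: the best valid tag, or null
// when the header is missing or contains nothing usable.
function preferredLanguage(header) {
  const tags = parseAcceptLanguage(header);
  return tags.length ? tags[0] : null;
}

// Mirror of the MFA check: did the relying party ask for the token class?
// "requested" stands in for rpCtx.getRequestedPrincipals(); here it is a list
// of class-reference strings rather than Principal objects.
function tokenLoginRequested(requested) {
  return Array.isArray(requested) && requested.includes(TIME_SYNC_TOKEN);
}
```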