Shibboleth IDP3 Notes

From GFIPM Implementation Wiki

This page is mostly just brainstorming about the use of IDP3.

Attributes from HTTP Headers

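If anyone else wants to do this, here is an example of a Scripted Attribute that reads an HTTP request header. Request headers are supplied by the client, so do not rely on an attribute built this way for access decisions unless a front end you control sets the header and strips any client-supplied copy.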

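   <AttributeDefinition id="language" xsi:type="ScriptedAttribute" customObjectRef="shibboleth.HttpServletRequest">
       <AttributeEncoder xsi:type="SAML2String" name="" friendlyName="language" encodeType="false" />
       <Script><![CDATA[
           logger = Java.type("org.slf4j.LoggerFactory").getLogger("net.shibboleth.idp.attribute");
           language.addValue(custom.getHeader("HEADER_NAME")); // "custom" is the customObjectRef bean; HEADER_NAME is a placeholder, the real header name is not on this page
           logger.debug("Values of language were : {}", language.getValues());
       ]]></Script>
   </AttributeDefinition>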

Sample MFA Code

I do something like this (to see if a token was requested):

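     // "input" is the ProfileRequestContext passed to the script
     logger = Java.type("org.slf4j.LoggerFactory").getLogger("net.shibboleth.idp.authn");
     AuthnContextClassRefPrincipal = Java.type("net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal");
     authCtx = input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext");
     rpCtx = authCtx.getSubcontext("net.shibboleth.idp.authn.context.RequestedPrincipalContext");
     // rpCtx is null when the RP did not ask for a specific authentication context
     if (rpCtx != null) {
         rps = rpCtx.getRequestedPrincipals();
         tkp = new AuthnContextClassRefPrincipal("urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken");
         if (rps.contains(tkp)) {
           logger.debug("RP requested token login");
         }
     }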