Shibboleth IDP3 Notes
From GFIPM Implementation Wiki
About
This page is mostly just brainstorming about the use of IDP3.
Attributes from HTTP Headers
If anyone else should want to do this, this is an example of a Scripted Attribute that references an HTTP Request header.
    <AttributeDefinition id="language" xsi:type="ScriptedAttribute" customObjectRef="shibboleth.HttpServletRequest">
        <!-- customObjectRef exposes the servlet request to the script as "custom" -->
        <AttributeEncoder xsi:type="SAML2String" name="https://idpx.uantwerpen.be/attributes/language" friendlyName="language" encodeType="false" />
        <Script>
        <![CDATA[
            // Accept-Language is supplied by the client, so the released value is user-controlled.
            language.addValue(custom.getHeader('Accept-Language'));
            logger = Java.type("org.slf4j.LoggerFactory").getLogger("net.shibboleth.idp.attribute");
            logger.info("Values of language were : {}", language.getValues());
        ]]>
        </Script>
    </AttributeDefinition>
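Because the header value above comes straight from the browser, one option is to parse and validate it before it becomes an attribute value. The following is an added example, not part of the original wiki page or of Shibboleth; the function name `parseAcceptLanguage` and both limits are assumptions, and it is written in ES5 syntax so the same logic could sit inside the script element.

```javascript
// Added example; names and limits are assumptions, not Shibboleth settings.
var MAX_HEADER_LENGTH = 256; // constructed cap on raw header size
var MAX_TAGS = 10;           // constructed cap on released values
// language-range per RFC 4647 section 2.1, or the "*" wildcard
var LANGUAGE_RANGE = /^(?:\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*)$/;
// qvalue per RFC 7231 section 5.3.1: 0 to 1, at most three decimals
var QVALUE = /^(?:0(?:\.[0-9]{0,3})?|1(?:\.0{0,3})?)$/;

function parseAcceptLanguage(header) {
  if (typeof header !== 'string' || header.length === 0 ||
      header.length > MAX_HEADER_LENGTH) {
    return [];
  }
  var entries = [];
  var parts = header.split(',');
  for (var i = 0; i < parts.length; i++) {
    var fields = parts[i].split(';');
    var range = fields[0].trim();
    if (!LANGUAGE_RANGE.test(range)) { continue; } // drops CR/LF, markup, junk
    var q = 1;
    var valid = true;
    for (var j = 1; j < fields.length; j++) {
      var m = /^q=(.+)$/i.exec(fields[j].trim());
      if (!m || !QVALUE.test(m[1])) { valid = false; break; }
      q = parseFloat(m[1]);
    }
    if (valid && q > 0) {
      entries.push({ tag: range.toLowerCase(), q: q, pos: i });
    }
  }
  // Highest preference first; original header order breaks ties.
  entries.sort(function (a, b) { return (b.q - a.q) || (a.pos - b.pos); });
  var tags = [];
  for (var k = 0; k < entries.length && tags.length < MAX_TAGS; k++) {
    if (tags.indexOf(entries[k].tag) === -1) { tags.push(entries[k].tag); }
  }
  return tags;
}
```

Inside the scripted attribute, each returned tag would be passed to `language.addValue(...)` instead of the raw header, so a missing or malformed header releases no value.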
Sample MFA Code
I do something like this (to see if token was requested):
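    // Nashorn does not import Java classes implicitly, so resolve the types used below.
    var AuthnContextClassRefPrincipal = Java.type("net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal");
    var logger = Java.type("org.slf4j.LoggerFactory").getLogger("net.shibboleth.idp.authn");

    // "input" is the ProfileRequestContext handed to the script.
    authCtx = input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext");
    rpCtx = authCtx.getSubcontext("net.shibboleth.idp.authn.context.RequestedPrincipalContext");
    if (rpCtx != null) {
        // Principals the relying party asked for in its request
        rps = rpCtx.getRequestedPrincipals();
        tkp = new AuthnContextClassRefPrincipal("urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken");
        if (rps.contains(tkp)) {
            logger.debug("RP requested token login");
        }
    }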