
Många universitet och högskolor som är medlemmar i Swamid använder attribut i norEduPerson, norEduPersonOrg och norEduPersonOrgUnit (http://gnomis.cvs.sourceforge.net/viewvc/gnomis/norEdu/). Det är lämpligt att även dessa attributnamn används för SAML WebSSO. Nedan finns definitioner för attributen.

Konfiguration för Shibboleth

Konfigurationerna under denna sida fungerar endast för Shibboleth 2 eller senare. För simpleSAMLphp och ADFS2 kan konfigurationsexemplen endast användas som inspiration.

Följande definitioner krävs i attribute-map.xml för en Service Provider. Varje attribut förekommer två gånger: en gång med urn:mace-namnet som används i SAML 1 och en gång med urn:oid-namnet som används i SAML 2. Båda raderna mappas till samma interna id, så att SP:n får samma attributnamn oavsett vilket protokoll IdP:n använder:

<!-- SP attribute-map.xml entries for the norEdu* attributes.
     Each attribute is listed twice - under its urn:mace name (used by the
     SAML 1 encoders) and its urn:oid name (used by the SAML 2 encoders) -
     and both rows map to the same internal id, so the application sees one
     attribute regardless of protocol. -->

<!-- norEduPersonLegalName -->
<Attribute id="norEduPersonLegalName" name="urn:mace:dir:attribute-def:norEduPersonLegalName"/>
<Attribute id="norEduPersonLegalName" name="urn:oid:1.3.6.1.4.1.2428.90.1.10"/>

<!-- norEduPersonNIN (Swedish personal identity number, see the note at the
     bottom of the page) -->
<Attribute id="norEduPersonNIN" name="urn:mace:dir:attribute-def:norEduPersonNIN"/>
<Attribute id="norEduPersonNIN" name="urn:oid:1.3.6.1.4.1.2428.90.1.5"/>

<!-- norEduPersonLIN -->
<Attribute id="norEduPersonLIN" name="urn:mace:dir:attribute-def:norEduPersonLIN"/>
<Attribute id="norEduPersonLIN" name="urn:oid:1.3.6.1.4.1.2428.90.1.4"/>

<!-- norEduOrgAcronym -->
<Attribute id="norEduOrgAcronym" name="urn:mace:dir:attribute-def:norEduOrgAcronym"/>
<Attribute id="norEduOrgAcronym" name="urn:oid:1.3.6.1.4.1.2428.90.1.6"/>

<!-- norEduPersonBirthDate -->
<Attribute id="norEduPersonBirthDate" name="urn:mace:dir:attribute-def:norEduPersonBirthDate"/>
<Attribute id="norEduPersonBirthDate" name="urn:oid:1.3.6.1.4.1.2428.90.1.3"/>

<!-- norEduOrgUniqueIdentifier -->
<Attribute id="norEduOrgUniqueIdentifier" name="urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier"/>
<Attribute id="norEduOrgUniqueIdentifier" name="urn:oid:1.3.6.1.4.1.2428.90.1.7"/>

<!-- norEduOrgUnitUniqueIdentifier -->
<Attribute id="norEduOrgUnitUniqueIdentifier" name="urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier"/>
<Attribute id="norEduOrgUnitUniqueIdentifier" name="urn:oid:1.3.6.1.4.1.2428.90.1.8"/>

<!-- norEduOrgNIN -->
<Attribute id="norEduOrgNIN" name="urn:mace:dir:attribute-def:norEduOrgNIN"/>
<Attribute id="norEduOrgNIN" name="urn:oid:1.3.6.1.4.1.2428.90.1.12"/>

<!-- norEduOrgUniqueNumber -->
<Attribute id="norEduOrgUniqueNumber" name="urn:mace:dir:attribute-def:norEduOrgUniqueNumber"/>
<Attribute id="norEduOrgUniqueNumber" name="urn:oid:1.3.6.1.4.1.2428.90.1.1"/>

<!-- norEduOrgUnitUniqueNumber -->
<Attribute id="norEduOrgUnitUniqueNumber" name="urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber"/>
<Attribute id="norEduOrgUnitUniqueNumber" name="urn:oid:1.3.6.1.4.1.2428.90.1.2"/>


Följande definitioner krävs i attribute-resolver.xml för en Identity Provider:

Alla definitioner i nedanstående ruta förutsätter att du kan läsa attributen direkt ur LDAP genom en datakonnektor som heter myLDAP. Observera att definitionerna i attribute-resolver.xml bara gör attributen tillgängliga i IdP:n; vilka Service Providers som faktiskt får dem styrs av attribute-filter.xml, som inte visas på denna sida. Särskilt norEduPersonNIN (personnummer) och norEduPersonBirthDate är känsliga personuppgifter och bör bara släppas till de tjänster som verkligen behöver dem.

    <!-- Schema: norEdu* attributes -->

    <!-- norEduPersonLegalName: copied unchanged from the myLDAP connector and
         encoded as urn:oid:1.3.6.1.4.1.2428.90.1.10 for SAML 2 and as
         urn:mace:dir:attribute-def:norEduPersonLegalName for SAML 1.
         The default namespace is declared on the element so that the bare
         QName in xsi:type resolves to the resolver's "Simple" definition. -->
    <resolver:AttributeDefinition xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  xsi:type="Simple"
                                  id="norEduPersonLegalName"
                                  sourceAttributeID="norEduPersonLegalName">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML2String"
                                   name="urn:oid:1.3.6.1.4.1.2428.90.1.10"
                                   friendlyName="norEduPersonLegalName" />
        <!-- NOTE(review): the SAML 1 encoder only matters for SPs that still
             use the SAML 1 profile; it can be dropped if none are served. -->
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML1String"
                                   name="urn:mace:dir:attribute-def:norEduPersonLegalName" />
    </resolver:AttributeDefinition>

    <!-- norEduPersonNIN: the Swedish personal identity number (personnummer,
         see the note at the bottom of the page), copied unchanged from the
         myLDAP connector and encoded as urn:oid:1.3.6.1.4.1.2428.90.1.5 for
         SAML 2 and urn:mace:dir:attribute-def:norEduPersonNIN for SAML 1.
         NOTE(review): this definition only makes the value available to the
         resolver; which SPs actually receive it is decided by the release
         policy in attribute-filter.xml, which this page does not show.
         Restrict release of this attribute to SPs that genuinely need it. -->
    <resolver:AttributeDefinition xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  xsi:type="Simple"
                                  id="norEduPersonNIN"
                                  sourceAttributeID="norEduPersonNIN">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML2String"
                                   name="urn:oid:1.3.6.1.4.1.2428.90.1.5"
                                   friendlyName="norEduPersonNIN" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML1String"
                                   name="urn:mace:dir:attribute-def:norEduPersonNIN" />
    </resolver:AttributeDefinition>

    <!-- norEduPersonLIN: copied unchanged from the myLDAP connector and
         encoded as urn:oid:1.3.6.1.4.1.2428.90.1.4 for SAML 2 and
         urn:mace:dir:attribute-def:norEduPersonLIN for SAML 1. -->
    <resolver:AttributeDefinition xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  xsi:type="Simple"
                                  id="norEduPersonLIN"
                                  sourceAttributeID="norEduPersonLIN">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML2String"
                                   name="urn:oid:1.3.6.1.4.1.2428.90.1.4"
                                   friendlyName="norEduPersonLIN" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML1String"
                                   name="urn:mace:dir:attribute-def:norEduPersonLIN" />
    </resolver:AttributeDefinition>

    <!-- norEduOrgAcronym: copied unchanged from the myLDAP connector and
         encoded as urn:oid:1.3.6.1.4.1.2428.90.1.6 for SAML 2 and
         urn:mace:dir:attribute-def:norEduOrgAcronym for SAML 1. -->
    <resolver:AttributeDefinition xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  xsi:type="Simple"
                                  id="norEduOrgAcronym"
                                  sourceAttributeID="norEduOrgAcronym">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML2String"
                                   name="urn:oid:1.3.6.1.4.1.2428.90.1.6"
                                   friendlyName="norEduOrgAcronym" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML1String"
                                   name="urn:mace:dir:attribute-def:norEduOrgAcronym" />
    </resolver:AttributeDefinition>

    <!-- norEduPersonBirthDate: copied unchanged from the myLDAP connector and
         encoded as urn:oid:1.3.6.1.4.1.2428.90.1.3 for SAML 2 and
         urn:mace:dir:attribute-def:norEduPersonBirthDate for SAML 1.
         NOTE(review): a date of birth is personal data; limit its release in
         attribute-filter.xml (not shown here) to SPs that need it. -->
    <resolver:AttributeDefinition xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  xsi:type="Simple"
                                  id="norEduPersonBirthDate"
                                  sourceAttributeID="norEduPersonBirthDate">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML2String"
                                   name="urn:oid:1.3.6.1.4.1.2428.90.1.3"
                                   friendlyName="norEduPersonBirthDate" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML1String"
                                   name="urn:mace:dir:attribute-def:norEduPersonBirthDate" />
    </resolver:AttributeDefinition>

    <!-- norEduOrgUniqueIdentifier: copied unchanged from the myLDAP connector
         and encoded as urn:oid:1.3.6.1.4.1.2428.90.1.7 for SAML 2 and
         urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier for SAML 1. -->
    <resolver:AttributeDefinition xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  xsi:type="Simple"
                                  id="norEduOrgUniqueIdentifier"
                                  sourceAttributeID="norEduOrgUniqueIdentifier">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML2String"
                                   name="urn:oid:1.3.6.1.4.1.2428.90.1.7"
                                   friendlyName="norEduOrgUniqueIdentifier" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML1String"
                                   name="urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier" />
    </resolver:AttributeDefinition>

    <!-- norEduOrgUnitUniqueIdentifier: copied unchanged from the myLDAP
         connector and encoded as urn:oid:1.3.6.1.4.1.2428.90.1.8 for SAML 2
         and urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier for
         SAML 1. -->
    <resolver:AttributeDefinition xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  xsi:type="Simple"
                                  id="norEduOrgUnitUniqueIdentifier"
                                  sourceAttributeID="norEduOrgUnitUniqueIdentifier">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML2String"
                                   name="urn:oid:1.3.6.1.4.1.2428.90.1.8"
                                   friendlyName="norEduOrgUnitUniqueIdentifier" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML1String"
                                   name="urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier" />
    </resolver:AttributeDefinition>

    <!-- norEduOrgNIN: copied unchanged from the myLDAP connector and encoded
         as urn:oid:1.3.6.1.4.1.2428.90.1.12 for SAML 2 and
         urn:mace:dir:attribute-def:norEduOrgNIN for SAML 1. -->
    <resolver:AttributeDefinition xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  xsi:type="Simple"
                                  id="norEduOrgNIN"
                                  sourceAttributeID="norEduOrgNIN">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML2String"
                                   name="urn:oid:1.3.6.1.4.1.2428.90.1.12"
                                   friendlyName="norEduOrgNIN" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML1String"
                                   name="urn:mace:dir:attribute-def:norEduOrgNIN" />
    </resolver:AttributeDefinition>

    <!-- norEduOrgUniqueNumber: copied unchanged from the myLDAP connector and
         encoded as urn:oid:1.3.6.1.4.1.2428.90.1.1 for SAML 2 and
         urn:mace:dir:attribute-def:norEduOrgUniqueNumber for SAML 1. -->
    <resolver:AttributeDefinition xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  xsi:type="Simple"
                                  id="norEduOrgUniqueNumber"
                                  sourceAttributeID="norEduOrgUniqueNumber">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML2String"
                                   name="urn:oid:1.3.6.1.4.1.2428.90.1.1"
                                   friendlyName="norEduOrgUniqueNumber" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML1String"
                                   name="urn:mace:dir:attribute-def:norEduOrgUniqueNumber" />
    </resolver:AttributeDefinition>

    <!-- norEduOrgUnitUniqueNumber: copied unchanged from the myLDAP connector
         and encoded as urn:oid:1.3.6.1.4.1.2428.90.1.2 for SAML 2 and
         urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber for SAML 1. -->
    <resolver:AttributeDefinition xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  xsi:type="Simple"
                                  id="norEduOrgUnitUniqueNumber"
                                  sourceAttributeID="norEduOrgUnitUniqueNumber">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML2String"
                                   name="urn:oid:1.3.6.1.4.1.2428.90.1.2"
                                   friendlyName="norEduOrgUnitUniqueNumber" />
        <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   xsi:type="SAML1String"
                                   name="urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber" />
    </resolver:AttributeDefinition>

Observera! Konfigurationen förutsätter att personnummer finns lagrat i din katalog (LDAP) i attributet norEduPersonNIN enligt Skatteverkets rekommendation. För mer information, se norEduPersonNIN och Svenska Personnummer.