Versions Compared

Old Version 28

changes.mady.by.user Pål Axelsson

Saved on

compared with

New Version Current

changes.mady.by.user Pål Axelsson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

Code Block
<resolver:AttributeDefinition xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="memberOf" dependencyOnly="true">
     <resolver:Dependency ref="myLDAP" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="Script" xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="NyAwebbenEntitlement" >
     <resolver:Dependency ref="memberOf" />
     <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" name="urn:mace:dir:attribute-def:eduPersonEntitlement" />
     <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" />
     <Script>
          <![CDATA[
               importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);

               // Definiera lärosäteskod i NyA
               larosatekod = new String("YY");

               // Definiera grupp för basanvändare
               baseGroup = new String("NyA-webben-Base");

               // Definiera grupprefix för de olika rollerna
               deparmentGroupPrefix = new String("NyA-webben-Department-");

               NyAwebbenEntitlement = new BasicAttribute("NyAwebbenEntitlement");
               if (memberOf) {
                    for (i=0; i < memberOf.getValues().size(); i++) {

                         // Basanvändare ej begränsad till enskild institution
                         if (memberOf.getValues().get(i).equals(baseGroup)) {
                              NyAwebbenEntitlement.getValues().add("urn:mace:swami.se:gmai:nya-dw:base:o=" + larosatekod);
                         }

                         // Institutionsanvändare begränsat till enskild institution via gruppnamnet
                         else if (DeparmentGroupPrefixdeparmentGroupPrefix.equals(memberOf.getValues().get(i).substring(0,DeparmentPrefixdeparmentGroupPrefix.length()-1))) {
                              NyAwebbenEntitlement.getValues().add("urn:mace:swami.se:gmai:nya-dw:department:o=" + larosatekod + ":norEduOrgUnitUniqueNumber=" + memberOf.getValues().get(i).substring(DeparmentPrefixdeparmentGroupPrefix.length(),memberOf.getValues().get(i).length()));
                         }
                    }
               }
          ]]>
     </Script>
</resolver:AttributeDefinition>

...

Code Block
<AttributeFilterPolicy id="releaseNyAwebbenEntitlement">
     <PolicyRequirementRule xsi:type="basic:OR">
          <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://wwwexpert.antagning.se/ecs-sp" />
          <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://www.antagning.testa.antagning.se/ecs-sp" />
          <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://www.antagning.testb.antagning.se/ecs-sp" />
          <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://sp.swamid.se/shibboleth" />
     </PolicyRequirementRule>
     <AttributeRule attributeID="NyAwebbenEntitlement">
          <PermitValueRule xsi:type="basic:ANY" />
     </AttributeRule>
</AttributeFilterPolicy>