| Wiki Markup |
|---|
IDP Configuration: *\[Shibboleth 2.0\]* \\ |
To interoperate with NIH the following changes/additions need to be made to the Shibboleth configuration files (examples are from NIH/InCommon interop on a Shibboleth IdP running HA_Shib): *{+}
SAML signing cert
Please make sure that your IDP signing cert cert{+}* Please make sure that your IDP signing cert hasn't expired and it is loaded up to date in the InCommon metadata as our SP doesn't accept the assertions signed by an expired certificate. *
1) Attributes*
Make sure attribute-resolver.xml is configured to generate the
attributes:
urn: sn, givenName, email.mace:dir:attribute-def:mail
urn:mace:dir:attribute-def:sn
urn:mace:dir:attribute-def:givenName
NIH prefers that EPPN be delivered with the name "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", and with scopetype inline.
...
scopeType="inline"/> </resolver:AttributeDefinition>
More info
https://spaces.at.internet2.edu/display/SHIB2/SAML1ScopedStringAttributeEncoder
2) Attribute Release
...
4) Test Link after the completion of above steps:‐
https://soadev.nih.gov/FederationGateway
...