Versions Compared

Old Version 29

changes.mady.by.user Keith Hazelton (wisc.edu)

Saved on

compared with

New Version 30

changes.mady.by.user Keith Hazelton (wisc.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

...

SAML attributes returned from each of the three social providers as seen in Apache environment variables:

unmigrated-wiki-markup\---------\-
UW-Madison''s Soc2SAML gateway \
----\-
Twitter:
Shib-Application-ID default
Shib-Session-ID \ _0ad867d6e583e8f5f897bd102e97f15f
Shib-Identity-Provider [https://panda.doit.wisc.edu/idp/twitter]
Shib-Authentication-Instant 2012-08-27T15:00:13Z
Shib-Authentication-Method urn:oasis:names:tc:SAML:2.0:ac:classes:Password
Shib-AuthnContext-Class urn:oasis:names:tc:SAML:2.0:ac:classes:Password
Shib-Session-Index \ _0eeb7aae8714bf1115a36911662025165295a75ae5
Shib-Assertion-Count 00
cn khazelton
displayName khazelton
eppn 16xxxxxx@twitter.com
persistent-id \ [https://panda.doit.wisc.edu/idp/twitter\]\! \ [https://persepolis.wisc.edu/shibboleth-sp\]\! 8a6bxxxxxxb2a5599564655df607f99e7b220c29unmigrated-wiki-markup

\----\-
Facebook:
Shib-Application-ID default
Shib-Session-ID \ _280ef30bdbb6b3d74407bcd98e9a55fc
Shib-Identity-Provider [https://panda.doit.wisc.edu/idp/facebook]
Shib-Authentication-Instant 2012-08-27T15:04:42Z
Shib-Authentication-Method urn:oasis:names:tc:SAML:2.0:ac:classes:Password
Shib-AuthnContext-Class urn:oasis:names:tc:SAML:2.0:ac:classes:Password
Shib-Session-Index \ _901fc506235ea6bb89c77a09d7385b9c1065869297
Shib-Assertion-Count 00
cn Keith D Hazelton
displayName Keith D Hazelton
eppn 100002457xxxxxx@facebook.com
givenName Keith
mail khazelton@gmail.com
persistent-id \ [https://panda.doit.wisc.edu/idp/facebook\]\! \ [https://persepolis.wisc.edu/shibboleth-sp\]\! 725fxxxxxx5afc40fc1af43131c027cac474deda
sn Hazeltonunmigrated-wiki-markup\

----\-
Google:
Value
Shib-Application-ID default
Shib-Session-ID \ _d602f68653201efbd494d278c5f02b8d
Shib-Identity-Provider [https://panda.doit.wisc.edu/idp/google]
Shib-Authentication-Instant 2012-08-27T15:07:23Z
Shib-Authentication-Method urn:oasis:names:tc:SAML:2.0:ac:classes:Password
Shib-AuthnContext-Class urn:oasis:names:tc:SAML:2.0:ac:classes:Password
Shib-Session-Index \ _6375bb12c3e643580fe4e7b4e710f66cbcd4af4c94
Shib-Assertion-Count 00
cn Keith Hazelton
displayName Keith Hazelton
eppn 58159e6705c4df4eedafce4b56xxxxxx@google.com
givenName Keith
mail khazelton@gmail.com
persistent-id \ [https://panda.doit.wisc.edu/idp/google\]\! \ [https://persepolis.wisc.edu/shibboleth-sp\]\! dac0xxxxxx2b374401d64924f2b5874b8d691eeb
sn Hazelton

IDCorral Shibboleth IdP Proxy

...

IdPproxy was developed as an proxy authentication system, to bridge the divide between SAML2 federations and Social Media. It only works one way, that is it uses Social Media to authenticate persons to SAML2 federation.  

Attributes Available from Identity Providers

The focus has all the time been on authentication, gathering identity information has always been more of a 'nice if we get some'. The reason for this is of course the level of assurance that you get for this information. IdPproxy today supports Facebook, Google, Twitter, general OpenID and Windows Live ID. It does not ask for any attributes outside what these services provide by-default. Hence, we have, so far, not tried to find out what is possible to get out of them.

...

OpenID Simple Registration Extension 1.0

Extract from above:

...

:

...

openid.sreg.nickname

Any UTF-8 string that the End User wants to use as a nickname.  [Note: The Profile's Label for this attribute is "Alias/Username."] ]]></ac:plain-text-body></ac:structured-macro>

openid.sreg.email

The email address of the End User as specified in section 3.4.1 of RFC2822

openid.sreg.fullname

UTF-8 string free text representation of the End User's full name

openid.sreg.dob

The End User's date of birth as YYYY-MM-DD. Any values whose representation uses fewer than the specified number of digits should be zero-padded. The length of this value MUST always be 10. If the End User user does not want to reveal any particular component of this value, it MUST be set to zero.
For instance, if a End User wants to specify that his date of birth is in 1980, but not the month or day, the value returned SHALL be "1980-00-00"

openid.sreg.gender

The End User's gender, "M" for male, "F" for female

openid.sreg.postcode

UTF-8 string free text that SHOULD conform to the End User's country's postal system

openid.sreg.country

The End User's country of residence as specified by ISO3166

openid.sreg.language

End User's preferred language as specified by ISO639

openid.sreg.timezone

ASCII string from TimeZone database
For example, "Europe/Paris" or "America/Los_Angeles"