To support the Research and Scholarship Category, an IdP operator configures the IdP to release the R&S attribute bundle to all R&S SPs,
Contents:
Software Requirements
To release attributes to all current and future R&S SPs with a one-time configuration, an IdP leverages entity attributes (instead of entity IDs). The configuration steps documented here require Shibboleth IdP V3, which fully supports using entity attributes in SP metadata as part of an attribute release filter policy. No other SAML IdP software is known to support entity attributes at this time.
Optimize your IdP configuration
Testing IdP Support for R&S
Once you've configured your IdP, you can test your configuration using this test page, a service provided by the GENI Experimenter Portal, an official R&S SP.
Configure an IdP to Release R&S Attributes Globally
Configure a Shibboleth IdP to release the R&S Attribute Bundle to all R&S SPs, including R&S SPs in other federations, as follows:
<!-- for Shibboleth IdP V3.2.0 or later --> <AttributeFilterPolicy id="releaseRandSAttributeBundle"> <PolicyRequirementRule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship"/> <!-- a fixed subset of the Research & Scholarship Attribute Bundle --> <!-- release of ePPN is REQUIRED --> <AttributeRule attributeID="eduPersonPrincipalName"> <PermitValueRule xsi:type="ANY"/> </AttributeRule> <!-- if your deployment of ePPN is non-reassigned, release of ePTID is OPTIONAL --> <AttributeRule attributeID="eduPersonTargetedID"> <PermitValueRule xsi:type="ANY"/> </AttributeRule> <!-- release of email is REQUIRED --> <AttributeRule attributeID="email"> <PermitValueRule xsi:type="ANY"/> </AttributeRule> <!-- either displayName or (givenName and sn) is REQUIRED but all three are RECOMMENDED --> <AttributeRule attributeID="displayName"> <PermitValueRule xsi:type="ANY"/> </AttributeRule> <AttributeRule attributeID="givenName"> <PermitValueRule xsi:type="ANY"/> </AttributeRule> <AttributeRule attributeID="surname"> <PermitValueRule xsi:type="ANY"/> </AttributeRule> <!-- release of ePSA is OPTIONAL --> <AttributeRule attributeID="eduPersonScopedAffiliation"> <PermitValueRule xsi:type="ANY"/> </AttributeRule> </AttributeFilterPolicy>