ShARPE Advanced Configuration
- multiple GroupLookups are possible
- an implementation of GroupLookup has to implement the au.edu.mq.melcoe.mams.sharpe.shib.aa.arp.group.GroupLookup interface
- refer to the GroupLookup page for a sample configuration
AttributeResolverGroupLookup
- Use of MAMSAttributeResolver is optional in the <ResolverConfig>. If the implementation attribute is not specified, the original Shibboleth AttributeResolver implementation is used. MAMSAttributeResolver is a slightly modified version of AttributeResolver that can reload the resolver configuration at runtime when it detects changes to the configuration.
- The resolver configuration file used here can be different from the main configuration in use. This instance of the resolver engine only cares about the specified attributes required by UserGroup and GroupListing.
PropertyFileGroupLookup
- %PRINCIPAL% can be used in the "separator" attribute for this GroupLookup. It will be replaced with the runtime value of the logged-in user.
CompositeGroupLookup
- multiple GroupLookups can be placed here
- it has the format of:
<GroupLookup implementation="au.edu.mq.melcoe.mams.sharpe.shib.aa.arp.group.provider.CompositeGroupLookup">
  <GroupLookup implementation="...">
    ...
  </GroupLookup>
  <GroupLookup implementation="...">
    ...
  </GroupLookup>
</GroupLookup>
Utilizing Hash Crosswalk (Mapping)
ShARPE provides a HashCrosswalk function that can be used directly to produce a hash of whatever input is given to it. This is particularly useful when an admin would like to derive non-identifying data from identifying data. For example, it can be used to generate eduPersonTargetedID by hashing a random seed together with the user's email and the requesting SP's name.
Consider the following example:
The above directs ShARPE to produce an ePTID by hashing (SHA1) a seed, the user's email, and the SP's name.
Refer to Generation of ePTID using ShARPE for more details on its usage.
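The hashing described above, as an added Python illustration (not ShARPE code and not from the original page): it derives an identifier from SHA1 over a seed, the user's email and the SP's name, and contrasts length-prefixed fields with plain concatenation. The field layout, the length prefix, the email lower-casing, and all sample values are assumptions; the page does not show how HashCrosswalk combines its inputs.

```python
import hashlib


def eptid(seed: bytes, email: str, sp_name: str) -> str:
    """SHA-1 over seed, email and SP name, as the page describes.

    Assumed layout (not ShARPE's): each field is prefixed with its 4-byte
    length so field boundaries cannot shift, and the email is lower-cased.
    """
    h = hashlib.sha1()
    fields = (seed, email.strip().lower().encode("utf-8"), sp_name.encode("utf-8"))
    for field in fields:
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.hexdigest()


def eptid_unframed(seed: bytes, email: str, sp_name: str) -> str:
    """Plain concatenation, shown only to contrast with the framed form."""
    data = seed + email.encode("utf-8") + sp_name.encode("utf-8")
    return hashlib.sha1(data).hexdigest()


# Constructed sample values, not taken from any deployment.
SEED = b"constructed-sample-seed-keep-secret"
SP_A = "https://sp-a.example.org/shibboleth"
SP_B = "https://sp-b.example.org/shibboleth"

if __name__ == "__main__":
    user = "alice@example.edu"
    # Same user, same SP: the identifier is stable across sessions.
    print(eptid(SEED, user, SP_A) == eptid(SEED, user, SP_A))
    # Same user, different SP: the two SPs receive unrelated values.
    print(eptid(SEED, user, SP_A) != eptid(SEED, user, SP_B))
    # Without framing, a character can move between fields and collide.
    print(eptid_unframed(SEED, "bob@example.edu", "hsp")
          == eptid_unframed(SEED, "bob@example.eduh", "sp"))
    # With framing, the same two inputs give different identifiers.
    print(eptid(SEED, "bob@example.edu", "hsp")
          != eptid(SEED, "bob@example.eduh", "sp"))
```

The seed has to stay secret on the IdP side: anyone who holds it together with a user's email can recompute that user's identifier for any SP.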
- Specifying a PolicyFilter in ArpRepository filters ALL policies before they are used by Shibboleth, so be very careful about what you filter.
Resources
- Discuss everything on ShARPE Mailing List
--
BrucLiong - 24 Apr 2006