...
Info: To get a better understanding of attribute release in general, how it affects services in eduGAIN and what to consider to properly implement it, we strongly recommend having a look at the GÉANT online course on "Successful Attribute Release".
Bonus points (A-C)
- IdP R&S support is indicated
...
- Attribute: A non-empty SAML Attribute sent as a part of a SAML AttributeStatement
- Information: Either an attribute or a set of attributes for which a transformation or combination algorithm is available to produce data for an application (e.g. e-mail, affiliation, name)
- Requested information: The set of attributes or meta-attributes (such as a non-reassigned identifier or a name), that is requested by the SP by using SAML metadata, whether or not isRequired is flagged.
- All necessary information: Set of released attributes that can provide all requested information
- Minimal information = required information: If the tested SP has an entity category, where the minimal set is defined (such as R&S), the minimal information is the minimal set. Otherwise it is the set of attributes that can provide the subset of requested information, where isRequired="true" is set in the SP's SAML metadata.
- Basic information: A set of attributes, including at least a persistent identifier represented by at least one of:
  - eduPersonPrincipalName
  - eduPersonTargetedID (a SAML 2.0 persistent NameID, either sent in the SAML Assertion's Subject or as a SAML Attribute)
  - eduPersonUniqueId
- Superfluous attribute: Attribute that is sent by the IdP even though the information is not requested by the SP. Sending the same attribute in different NameFormats does not count as superfluous information. A redundant attribute does not count as superfluous information if the source attribute(s) is/are requested. As a special case, eduPersonTargetedID is not a superfluous attribute if eduPersonPrincipalName is requested either directly via a RequestedAttribute metadata element or indirectly by declaring the R&S entity category.
- R&S requirements: According to the R&S specification, the following attributes must be provided by an R&S IdP:
- Redundant attributes: Information that can be extracted from one or more attributes:
  - schacHomeOrganization <= eduPersonScopedAffiliation
  - schacHomeOrganization <= eduPersonPrincipalName
  - eduPersonAffiliation <= eduPersonScopedAffiliation
  - cn <= sn+givenName
  - displayName <= sn+givenName
  - cn <= displayName
  - displayName <= cn
  - As a special case, even though sn and givenName cannot be reliably extracted from cn or displayName, for EARC ranking they are treated as redundant to both cn and displayName.
  - eduPersonTargetedID <= SAML 2.0 persistent NameID
- Personal information: All received attributes except for
  - schacHomeOrganization
  - schacHomeOrganizationType
  - eduPersonAffiliation
  - eduPersonScopedAffiliation
  - o
  - eduPersonEntitlement with the value of "urn:mace:dir:entitlement:common-lib-terms" (other values are treated as personal attributes)
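The glossary rules above for superfluous, redundant and personal attributes, written out as an added Python example (not code from the eduGAIN Attribute Release Check itself). Function names and sample data are hypothetical; attributes are keyed by friendly name, the NameID-based redundancy rule is left out, and an R&S declaration is modelled only for the eduPersonTargetedID special case.

```python
# derived attribute -> alternative source sets, read from "derived <= source(s)"
REDUNDANT = {
    "schacHomeOrganization": [{"eduPersonScopedAffiliation"}, {"eduPersonPrincipalName"}],
    "eduPersonAffiliation": [{"eduPersonScopedAffiliation"}],
    "cn": [{"sn", "givenName"}, {"displayName"}],
    "displayName": [{"sn", "givenName"}, {"cn"}],
    "sn": [{"cn"}, {"displayName"}],         # special case for ranking
    "givenName": [{"cn"}, {"displayName"}],  # special case for ranking
}
NON_PERSONAL = {"schacHomeOrganization", "schacHomeOrganizationType",
                "eduPersonAffiliation", "eduPersonScopedAffiliation", "o"}
COMMON_LIB_TERMS = "urn:mace:dir:entitlement:common-lib-terms"

def superfluous(released, requested, declares_rs=False):
    """Names of released attributes whose information the SP did not request."""
    requested, extra = set(requested), set()
    for name, values in released.items():
        if not values or name in requested:
            continue  # an empty attribute is not an Attribute; requested ones are fine
        if any(sources <= requested for sources in REDUNDANT.get(name, [])):
            continue  # redundant attribute whose source attribute(s) are requested
        if name == "eduPersonTargetedID" and (declares_rs or "eduPersonPrincipalName" in requested):
            continue  # special case stated in the glossary
        extra.add(name)
    return extra

def personal(released):
    """Names of released attributes that count as personal information."""
    found = set()
    for name, values in released.items():
        if not values or name in NON_PERSONAL:
            continue
        # Assumption: the entitlement is exempt only if it carries no other value.
        if name == "eduPersonEntitlement" and set(values) == {COMMON_LIB_TERMS}:
            continue
        found.add(name)
    return found

# Constructed sample data, not a real IdP response.
REQUESTED = {"eduPersonPrincipalName", "displayName"}
RELEASED = {
    "eduPersonPrincipalName": ["alice@example.org"],
    "displayName": ["Alice Example"],
    "cn": ["Alice Example"],
    "eduPersonTargetedID": ["opaque-id"],
    "schacHomeOrganization": ["example.org"],
    "mail": ["alice@example.org"],
    "eduPersonEntitlement": [COMMON_LIB_TERMS],
}
```

On the sample, `superfluous(RELEASED, REQUESTED)` flags only `mail` and `eduPersonEntitlement`, while `personal(RELEASED)` leaves out `schacHomeOrganization` and the common-lib-terms entitlement.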
REST/JSON API
There is a simple API to query the test verdicts for all Identity Providers and for a particular one.
Query all Identity Provider Results:
Query Format: HTTP GET to
https://release-check.edugain.org/api/results/
Example: https://release-check.edugain.org/api/results/
This will return all the tested Identity Providers with their basic information, test verdicts and a URL to the details page. The response is JSON-encoded.
Query Results for one specific Identity Provider:
Query Format: HTTP GET to
https://release-check.edugain.org/api/results/#URL-encoded IdP EntityID#
This will return information for the specific Identity Provider whose URL-encoded entityID is added to the query URL.