Configuration

Janne Lauros edited this page Sep 14, 2023 · 35 revisions

Minimal Configuration

The minimal configuration requires you to define the profile configuration so that users can access the profile pages. By default, only the Personal Data page is shown.

Profile Configuration

The USERPROFILE.SSO profile configuration has to be enabled by adding it to the shibboleth.UnverifiedRelyingParty bean.

| Profile Configuration Bean | Profile Configuration URI | Activated Endpoint |
| --- | --- | --- |
| USERPROFILE.SSO | http://geant.org/ns/profiles/userprofile/sso/browser | /idp/profile/userprofile |

```xml
<!-- Example of activating USERPROFILE.SSO in relying-party.xml -->
<bean id="shibboleth.UnverifiedRelyingParty" parent="RelyingParty">
  <property name="profileConfigurations">
    <list>
      <bean parent="USERPROFILE.SSO"/>
    </list>
  </property>
</bean>
```

Profile configuration options

The configuration options for USERPROFILE.SSO are far fewer than for other SSO profiles, as there is no relying party involved. All that is needed is to authenticate the user so that access is granted to the correct data.

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| defaultAuthenticationMethods | List<Principal> | | Ordered list of Java Principals to be used to select appropriate login flow(s) to attempt. |
| authenticationFlows | List<String> | | List of allowed login flow(s) to attempt. |
| forceAuthn | Boolean | false | Disallows use (or reuse) of authentication results and login flows that don't provide a real-time proof of user presence in the login process. |
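
One way to set these options on the profile bean, shown as an added example that is not taken from the plugin's own documentation. It assumes the Spring `p:` namespace is declared in relying-party.xml and that a login flow with the id `Password` is enabled in the IdP; substitute the flow ids your deployment actually uses.

```xml
<!-- Added example: assumes the p: namespace is declared in relying-party.xml
     and that a login flow with id "Password" is enabled (both assumptions). -->
<bean id="shibboleth.UnverifiedRelyingParty" parent="RelyingParty">
  <property name="profileConfigurations">
    <list>
      <!-- forceAuthn=true: previous authentication results are not reused,
           so the user must authenticate again to open the profile pages -->
      <bean parent="USERPROFILE.SSO" p:forceAuthn="true">
        <!-- authenticationFlows: only the listed login flow(s) may be attempted -->
        <property name="authenticationFlows">
          <list>
            <value>Password</value>
          </list>
        </property>
      </bean>
    </list>
  </property>
</bean>
```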

Personal Data

Personal Data attributes

The purpose of the Personal Data page is to show which of the user's attributes are stored in the IdP. This may be, for instance, a certain set of LDAP attributes. The attributes that are resolved and shown on the page are listed in the userprofile.properties file.

| Property Name | Description |
| --- | --- |
| userProfile.idpuserattributes | Attributes that are presented to the user as Personal Data. Comma-separated list of attribute ids. |

Attribute filtering is not applied to the list of attributes.

Once configured, an authenticated user is able to review "Personal Data" at the endpoint /idp/profile/userprofile.
