Configuration
The minimum configuration requires you to define the profile configuration that lets users access the profile pages. The minimal configuration required by the Personal Data page does not yet require you to define storages or data collection.

The USERPROFILE.SSO profile configuration has to be enabled by adding it to the shibboleth.UnverifiedRelyingParty bean.

Profile Configuration Bean | Profile Configuration URI | Activated Endpoint |
---|---|---|
USERPROFILE.SSO | http://geant.org/ns/profiles/userprofile/sso/browser | /idp/profile/userprofile |

```xml
<!-- Example of activating USERPROFILE.SSO in relying-party.xml -->
<bean id="shibboleth.UnverifiedRelyingParty" parent="RelyingParty">
    <property name="profileConfigurations">
        <list>
            <bean parent="USERPROFILE.SSO"/>
        </list>
    </property>
</bean>
```

USERPROFILE.SSO has far fewer configuration options than other SSO profiles, as there is really no relying party involved. All we have to do is authenticate the user (and control how that is done) in order to grant access to the correct data.

Name | Type | Default | Description |
---|---|---|---|
defaultAuthenticationMethods | List<Principal> | | Ordered list of Java Principals to be used to select appropriate login flow(s) to attempt. |
authenticationFlows | List<String> | | List of allowed login flow(s) to attempt. |
forceAuthn | Boolean | false | Disallows use (or reuse) of authentication results and login flows that don't provide a real-time proof of user presence in the login process |
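
The following fragment is an added example, not taken from the project documentation. It sets two of the options from the table on the profile bean so that an existing IdP session alone is not enough to open the profile pages. It assumes the options are settable as Spring `p:` attributes, that the `p` namespace is declared on the root `<beans>` element of relying-party.xml, and that a login flow with the id `Password` is enabled.

```xml
<!-- Added example. Assumptions: "p" namespace declared on <beans>;
     a login flow with id "Password" is enabled in this IdP. -->
<bean id="shibboleth.UnverifiedRelyingParty" parent="RelyingParty">
    <property name="profileConfigurations">
        <list>
            <!-- authenticationFlows: only the listed flow may be attempted.
                 forceAuthn=true: earlier authentication results are not reused,
                 so the user has to authenticate again to reach the pages. -->
            <bean parent="USERPROFILE.SSO"
                  p:authenticationFlows="#{{'Password'}}"
                  p:forceAuthn="true"/>
        </list>
    </property>
</bean>
```
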

The purpose of the Personal Data page is to show which of the user's attributes are "stored" in the IdP.

The "stored" attributes may be a simple list of LDAP attributes or, in the case of a proxying IdP, a more complex set of upstream attributes combined with locally resolved ones. The attributes that are resolved and shown to the user on the page are listed in the userprofile.properties file. Attribute filtering is not applied to the listed attributes.

Property Name | Default | Description |
---|---|---|
userProfile.idpuserattributes | None | List (mandatory) of attributes that are presented to the user as Personal Data. Comma-separated list of attribute ids. |
userProfile.logoutUrl | None | Optional logout URL, for instance /idp/profile/Logout |

The properties file may be used to activate an optional "Log Out" button on the profile pages.

Once everything is configured, an authenticated user is able to access the endpoint /idp/profile/userprofile.