Configuration
At a bare minimum, the plugin shows the [Personal Data page](Configuration) to the user. For this you need to define the profile configuration that lets the user access the page.
The USERPROFILE.SSO profile configuration has to be enabled by adding it to the shibboleth.UnverifiedRelyingParty bean.
Profile Configuration Bean | Profile Configuration URI | Activated Endpoint |
---|---|---|
USERPROFILE.SSO | http://geant.org/ns/profiles/userprofile/sso/browser | /idp/profile/userprofile |
```xml
<!-- Example of activating USERPROFILE.SSO in relying-party.xml -->
<bean id="shibboleth.UnverifiedRelyingParty" parent="RelyingParty">
    <property name="profileConfigurations">
        <list>
            <bean parent="USERPROFILE.SSO"/>
        </list>
    </property>
</bean>
```
USERPROFILE.SSO has far fewer configuration options than other SSO profiles, as there is really no relying party involved.
Name | Type | Default | Description |
---|---|---|---|
defaultAuthenticationMethods | List<Principal> | | Ordered list of Java Principals to be used to select appropriate login flow(s) to attempt. |
authenticationFlows | List<String> | | List of allowed login flow(s) to attempt. |
postAuthenticationFlows | List<String> | | Ordered list of profile interceptor flows to run after successful authentication |
forceAuthn | Boolean | false | Disallows use (or reuse) of authentication results and login flows that don't provide a real-time proof of user presence in the login process |
The purpose of the Personal Data page is to show which of the user's attributes are stored in the IdP. This may mean, for instance, a certain set of LDAP attributes. The attributes that are resolved and shown on the page are listed in the userprofile.properties file.
Property Name | Description |
---|---|
userProfile.idpuserattributes | Attributes that are presented to the user as Personal Data. Comma-separated list of attribute ids. |
Depending on the deployment and use case, it does not always make sense to use pre-existing attributes. If new attributes are defined, they do not need filter rules or protocol-specific encoding information. Attributes that are shown on the page are not filtered.
Once configured, an authenticated user is able to review "Personal Data" at the endpoint /idp/profile/userprofile.
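The options table and the userprofile.properties setting described above, put together as an added example (not taken from the plugin's own documentation). It assumes relying-party.xml declares the Spring `p:` namespace as the stock file does and that the `Password` login flow is enabled in the deployment; the attribute ids are constructed sample values.

```xml
<!-- relying-party.xml: USERPROFILE.SSO with two options from the table set explicitly. -->
<!-- Assumption: xmlns:p="http://www.springframework.org/schema/p" is declared on the
     root element and the Password login flow is enabled in this deployment. -->
<bean id="shibboleth.UnverifiedRelyingParty" parent="RelyingParty">
    <property name="profileConfigurations">
        <list>
            <!-- forceAuthn: require a fresh login instead of reusing an earlier
                 authentication result before personal data is displayed.
                 authenticationFlows: only the listed login flow may be attempted. -->
            <bean parent="USERPROFILE.SSO"
                  p:forceAuthn="true"
                  p:authenticationFlows="#{{'Password'}}"/>
        </list>
    </property>
</bean>

<!-- userprofile.properties (constructed sample attribute ids; list only ids that
     the IdP actually resolves for the user):
     userProfile.idpuserattributes = uid,mail,displayName
     Every attribute listed here is displayed unfiltered, so keep the list limited
     to values the user is meant to see.
-->
```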