Skip to content

Configuration

Jump to bottom
Janne Lauros edited this page Sep 14, 2023 · 35 revisions

Minimal Configuration

The minimum configuration requires you to define the profile configuration for user to access the profile pages. The minimal configuration required by Personal Data - page does not require you to define yet storages or data collecting.

Profile Configuration

USERPROFILE.SSO profile configuration has to be enabled by adding it to shibboleth.UnverifiedRelyingParty bean.

Profile Configuration Bean Profile Configuration URI Activated Endpoint
USERPROFILE.SSO http://geant.org/ns/profiles/userprofile/sso/browser /idp/profile/userprofile 
<!-- Example of activating USERPROFILE.SSO in relying-party.xml -->
<bean id="shibboleth.UnverifiedRelyingParty" parent="RelyingParty">
  <property name="profileConfigurations">
    <list>
      <bean parent="USERPROFILE.SSO"/>
    </list>
  </property>
</bean>

Profile configuration options

The configuration options for USERPROFILE.SSO are far less than with other SSO profiles as there is really no relying party involved. What we have to do is to authenticate (and control how that is done) the user to grant access to correct data.

Name Type Default Description
defaultAuthenticationMethods List<Principal> Ordered list of Java Principals to be used to select appropriate login flow(s) to attempt.
authenticationFlows List<String> List of allowed login flow(s) to attempt.
forceAuthn Boolean false Disallows use (or reuse) of authentication results and login flows that don't provide a real-time proof of user presence in the login process

Personal Data

Näyttökuva 2023-8-31 kello 14 38 57

Personal Data attributes

The purpose of Personal Data page is to show what attributes of user are stored to IdP. This may mean for instance a certain set of LDAP attributes. The attributes that are resolved and shown in the page are listed in userprofile.properties - file.

Profile page shows logout option if such url is defined, like /idp/profile/Logout.

Property Name Default Description
userProfile.idpuserattributes None List (mandatory) of attributes that are presented to user as Personal Data. Comma separated list of attributes ids.
userProfile.logoutUrl None Optional logout url

Attribute filtering is not applied to the list of attributes.

Once configured, authenticated user is able to review "Personal Data" in endpoint /idp/profile/userprofile.

Clone this wiki locally