diff --git a/conf/attribute-registry.xml b/conf/attribute-registry.xml
index 8890f4b..133930b 100644
--- a/conf/attribute-registry.xml
+++ b/conf/attribute-registry.xml
@@ -16,11 +16,14 @@
The system comes preconfigured to load rules directly from resource files
configured in services.xml so they're monitored for changes.
- You can add mappings here, add more XML resource files,
- or drop property files into the directory noted below.
+ You can add mappings here, add more XML resource files, or drop property
+ files into the directory noted below, but they won't be monitored for changes
+ themselves.
-->
-
+
diff --git a/conf/attribute-resolver-full.xml b/conf/attribute-resolver-full.xml
deleted file mode 100644
index ad75dbc..0000000
--- a/conf/attribute-resolver-full.xml
+++ /dev/null
@@ -1,251 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/conf/attribute-resolver-ldap.xml b/conf/attribute-resolver-ldap.xml
index 76e6d55..19b68d6 100644
--- a/conf/attribute-resolver-ldap.xml
+++ b/conf/attribute-resolver-ldap.xml
@@ -1,66 +1,58 @@
-
-
-
+
+
+
+
-
-
+
+
-
-
-
+
+
-
+-->
+
+
+
+
-
-
+
+
+
+ responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"
+ exportAttributes="mail displayName sn givenName departmentNumber employeeNumber eduPersonEntitlement eduPersonAssurance">
-
+
+
+
+
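Review bot: The `exportAttributes` list on the added connector line publishes `employeeNumber`, `eduPersonEntitlement` and `eduPersonAssurance` straight from the directory as IdP attributes, with no attribute definition in between to normalise or constrain their values. Release of those ids then rests entirely on the attribute filter policy, which this commit does not touch, so that policy should be checked for rules that match these names or release by wildcard. If the connector's search returns more than the eight exported attributes, limiting the returned attributes to the same list would keep unneeded directory data out of the resolver. The connector element itself is not visible in the hunk as shown, so this is based on the two attribute lines only.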
diff --git a/conf/attributes/custom/README.txt b/conf/attributes/custom/README
similarity index 100%
rename from conf/attributes/custom/README.txt
rename to conf/attributes/custom/README
diff --git a/conf/attributes/default-rules.xml b/conf/attributes/default-rules.xml
index 24e6b09..c865157 100644
--- a/conf/attributes/default-rules.xml
+++ b/conf/attributes/default-rules.xml
@@ -14,738 +14,15 @@
-
-
-
-
-
-
-
-
- uid
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:0.9.2342.19200300.100.1.1
- urn:mace:dir:attribute-def:uid
- User ID
- Benutzer-ID
- ID utilisateur
- ID dell'utente
- ユーザID
- A unique identifier for a person, mainly used for user identification within the user's home organization.
- Eine eindeutige Nummer für eine Person, welche hauptsächlich zur Identifikation innerhalb der Organisation benutzt wird.
- Identifiant de connexion d'une personnes sur les systèmes informatiques.
- Identificativo unico della persona, usato per l'identificazione dell'utente all'interno della organizzazione di appartenenza.
- 所属機関内で一意の利用者識別子
-
-
-
-
-
-
-
- mail
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:0.9.2342.19200300.100.1.3
- urn:mace:dir:attribute-def:mail
- E-mail
- E-Mail
- Email
- E-mail
- メールアドレス
- E-Mail: Preferred address for e-mail to be sent to this person
- E-Mail-Adresse
- E-Mail Adresse
- Adresse de courrier électronique
- E-Mail: l'indirizzo e-mail preferito dall'utente
- メールアドレス
-
-
-
-
-
-
-
- homePhone
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:0.9.2342.19200300.100.1.20
- urn:mace:dir:attribute-def:homePhone
- Private phone number
- Telefon Privat
- Teléphone personnel
- Numero di telefono privato
- 自宅電話番号
- Private phone number
- Private Telefonnummer
- Numéro de téléphone de domicile de la personne
- Numero di telefono privato
- 自宅の電話番号
-
-
-
-
-
-
-
- homePostalAddress
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:0.9.2342.19200300.100.1.39
- urn:mace:dir:attribute-def:homePostalAddress
- Home postal address
- Heimatadresse
- Heimadresse
- Adresse personnelle
- Indirizzo personale
- 自宅住所
- Home postal address: Home address of the user
- Heimatadresse
- Heimadresse
- Adresse postale de domicile de la personne
- Indirizzo personale: indirizzo dove abita l'utente
- 自宅の住所
-
-
-
-
-
-
-
- mobile
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:0.9.2342.19200300.100.1.41
- urn:mace:dir:attribute-def:mobile
- Mobile phone number
- Telefon Mobil
- Numéro de mobile
- Numero di cellulare
- 携帯電話番号
- Mobile phone number
- Mobile Telefonnummer
- Numéro de teléphone mobile
- Numero di cellulare
- 携帯電話の電話番号
-
-
-
-
-
-
-
- pager
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:0.9.2342.19200300.100.1.42
- urn:mace:dir:attribute-def:pager
- Pager number
- Pager number
-
-
-
-
-
-
-
- surname
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.5.4.4
- urn:mace:dir:attribute-def:sn
- Surname
- Nachname
- Nom de famille
- Cognome
- 姓
- Surname or family name
- Familienname
- Nom de famille de l'utilisateur.
- Cognome dell'utilizzatore
- 氏名(姓)の英語表記
-
-
-
-
-
-
-
- locality
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.5.4.7
- urn:mace:dir:attribute-def:l
- Locality name
- Ort
- Locality name
- 場所(L)
- Locality name
- Ort
- Nom de la localité où réside l'objet
- 場所の名前 日本の場合は市区町村名
-
-
-
-
-
-
-
- stateProvince
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.5.4.8
- urn:mace:dir:attribute-def:st
- State or province name
- 都道府県もしくは州や省(ST)
- State or province name
- 州名や省名 国によって異なり日本の場合は都道府県名
-
-
-
-
-
-
-
- street
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.5.4.9
- urn:mace:dir:attribute-def:street
- Street
- Straße
- Strasse
- Rue
- 通り
- Street address
- Name der Straße
- Strassenadresse
- Nom de rue
- 通りおよび番地
-
-
-
-
-
-
-
- organizationName
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.5.4.10
- urn:mace:dir:attribute-def:o
- Organization name
- Organisationsname
- Nom de l'organisation
- 所属機関名
- Organization name
- Name der Organisation
- Nom de l'organisation
- 所属機関名称の英語表記
-
-
-
-
-
-
-
- organizationalUnit
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.5.4.11
- urn:mace:dir:attribute-def:ou
- Organizational unit
- Organisationseinheit
- Unité organisationnelle
- 機関内所属名
- Organizational unit
- Name der Organisationseinheit
- Nom de l'unité organisationnelle
- 機関内所属名称の英語表記
-
-
-
-
-
-
-
- title
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.5.4.12
- urn:mace:dir:attribute-def:title
- Title
- Titel
- Title
- 肩書き
- Title of a person
- Titel der Person
- Titre de la personne
- 利用者の肩書き
-
-
-
-
-
-
-
- postalAddress
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.5.4.16
- urn:mace:dir:attribute-def:postalAddress
- Business postal address
- Geschäftsadresse
- Adresse professionnelle
- Indirizzo professionale
- 所属機関住所
- Business postal address: Campus or office address
- Geschäftliche Adresse
- Adresse am Arbeitsplatz
- Adresse de l'institut, de l'université
- Indirizzo professionale: indirizzo dell'istituto o dell'ufficio
- 所属機関の住所
-
-
-
-
-
-
-
- postalCode
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.5.4.17
- urn:mace:dir:attribute-def:postalCode
- Postal code
- ZIP code
- Postleitzahl
- Code postal
- 郵便番号
- Postal code
- ZIP code
- Postleitzahl
- Code postal
- 郵便番号
-
-
-
-
-
-
-
- postOfficeBox
- SAML2StringTranscoder SAML1StringTranscoder
- urn:mace:dir:attribute-def:postOfficeBox
- urn:oid:2.5.4.18
- Postal box
- Postfach
- Boite postale
- Case postale
- 私書箱
- Postal box identifier
- Postfach
- Boite postale
- Case postale
- 私書箱
-
-
-
-
-
-
-
- telephoneNumber
- SAML2StringTranscoder SAML1StringTranscoder
- urn:mace:dir:attribute-def:telephoneNumber
- urn:oid:2.5.4.20
- Business phone number
- Telefon Geschäft
- Teléphone professionnel
- Numero di telefono dell'ufficio
- 所属機関内電話番号
- Business phone number: Office or campus phone number
- Telefonnummer am Arbeitsplatz
- Teléphone de l'institut, de l'université
- Numero di telefono dell'ufficio
- 所属機関での利用者の電話番号
-
-
-
-
-
-
-
- givenName
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.5.4.42
- urn:mace:dir:attribute-def:givenName
- Given name
- Vorname
- Prénom
- Nome
- 名
- Given name of a person
- Vorname
- Prénom de l'utilisateur
- Nome
- 氏名(名)の英語表記
-
-
-
-
-
-
-
- initials
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.5.4.43
- urn:mace:dir:attribute-def:initials
- Initials
- Initialen
- Initiales
- イニシャル
- Initials
- Anfangsbuchstaben des Namens
- Die Anfangsbuchstaben
- L' initiales
- イニシャル
-
-
-
-
-
-
-
-
-
- departmentNumber
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.16.840.1.113730.3.1.2
- urn:mace:dir:attribute-def:departmentNumber
- Department number
- Abteilungsnummer
- Department number
- Nummer der Abteilung
-
-
-
-
-
-
-
- displayName
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.16.840.1.113730.3.1.241
- urn:mace:dir:attribute-def:displayName
- Display Name
- Anzeigename
- Nom
- Nome
- 表示名
- The name that should appear in white-pages-like applications for this person.
- Anzeigename
- Nom complet d'affichage
- Nome
- アプリケーションでの表示に用いられる英字氏名
-
-
-
-
-
-
-
- employeeNumber
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.16.840.1.113730.3.1.3
- urn:mace:dir:attribute-def:employeeNumber
- Employee number
- Mitarbeiternummer
- Numéro d'employé
- Numero dell'utente
- 従業員番号
- Identifies an employee within an organization
- Identifiziert einen Mitarbeiter innerhalb der Organisation
- Identifie un employé au sein de l'organisation
- Identifica l' utente presso l'organizzazione
- 所属機関における利用者の従業員番号
-
-
-
-
-
-
-
- employeeType
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.16.840.1.113730.3.1.4
- urn:mace:dir:attribute-def:employeeType
- Employee type
- Employee type
-
-
-
-
-
-
-
- jpegPhoto
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:0.9.2342.19200300.100.1.60
- urn:mace:dir:attribute-def:jpegPhoto
- JPEG Photo
- Image of a person in JPEG format
-
-
-
-
-
-
-
- preferredLanguage
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:2.16.840.1.113730.3.1.39
- urn:mace:dir:attribute-def:preferredLanguage
- Preferred Language
- Bevorzugte Sprache
- Langue préférée
- Lingua preferita
- 希望言語
- Preferred language: Users preferred language (see RFC1766)
- Bevorzugte Sprache (siehe RFC1766)
- Exemple: fr, de, it, en, ... (voir RFC1766)
- Lingua preferita: la lingua preferita dall'utente (cfr. RFC1766)
- 利用者が希望する言語(RFC1766 を参照)
-
-
-
-
-
-
-
-
-
- eduPersonAffiliation
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:1.3.6.1.4.1.5923.1.1.1.1
- urn:mace:dir:attribute-def:eduPersonAffiliation
- Affiliation
- Zugehörigkeit
- Affiliation
- Tipo di membro
- 職位
- Affiliation: Type of affiliation with Home Organization
- Art der Zugehörigkeit zur Heimatorganisation
- Art der Zugehörigkeit zur Heimorganisation
- Type d'affiliation dans l'organisation
- Tipo di membro: Tipo di lavoro svolto per l'organizzazione
- 所属機関における職位(faculty,staff,student,memberなど)
-
-
-
-
-
-
-
- eduPersonEntitlement
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:1.3.6.1.4.1.5923.1.1.1.7
- urn:mace:dir:attribute-def:eduPersonEntitlement
- Entitlement
- Berechtigung
- Entitlement
- Prerogativa
- 資格情報
- Member of: URI (either URL or URN) that indicates a set of rights to specific resources based on an agreement across the releavant community
- Zeichenkette, die Rechte für spezifische Ressourcen beschreibt
- Membre de: URI (soit une URL ou une URN) décrivant un droit spécific d'accès.
- Membro delle seguenti URI (sia URL o URN) che rappresentano diritti specifici d'accesso validi in tutta la communità
- 特定のアプリケーションもしくはコミュニティ内の複数リソースへのアクセス権限を持つことを示すURI(URLもしくはURN)
-
-
-
-
-
-
-
- eduPersonNickname
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:1.3.6.1.4.1.5923.1.1.1.2
- urn:mace:dir:attribute-def:eduPersonNickname
- Nick name
- Kurzname
- Übername
- Surnom
- Diminutivo
- ニックネーム
- Person's nickname, or the informal name by which they are accustomed to be hailed.
- Kurzname einer Person, oder üblicher Rufname zur Begrüßung.
- Übername einer Person, oder üblicher Rufname zur Begrüssung.
- Nom personnalisable pour un usage informel.
- Diminutivo della persona, o soprannome.
- 利用者のニックネームもしくは通称
-
-
-
-
-
-
-
- eduPersonPrimaryAffiliation
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:1.3.6.1.4.1.5923.1.1.1.5
- urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation
- Primary affiliation
- Primäre Zugehörigkeit
- Affiliation pricipale
- Appartenenza principale
- 主要職位
- Specifies the person's primary relationship to the institution in broad categories such as student, faculty, staff, alum, etc.
- Spezifiziert der Hauptbeziehung einer Person innerhalb ihrer Organisation in groben Kategorien wie Student, Mitarbeiter, Alumni, etc.
- Spécifie la relation principale d'une personne avec l'institution selon des majeures catégories comme étudiant, collaborateur, alumni etc.
- Specifica la relazione principale dell persona con l'istituzione secondo le maggiori categorie come studente, collaboratore, alumni, etc.
- 所属機関における主要な職位(faculty,staff,student,memberなど)
-
-
-
-
-
-
-
- eduPersonPrincipalName
- SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder
- urn:oid:1.3.6.1.4.1.5923.1.1.1.6
- urn:mace:dir:attribute-def:eduPersonPrincipalName
- false
- Principal Name
- Persönliche ID
- Principal Name
- Principal Name
- プリンシパルID
- A unique identifier for a person, mainly for inter-institutional user identification.
- Eindeutige Benutzeridentifikation
- Eindeutige Benützeridentifikation
- L'identifiant unique de l'utilisateur
- Un ID personale che identifica chiaramente l'utente in seno alla sua organizzazione
- フェデレーション内で一意かつ永続的な利用者識別子
-
-
-
-
-
-
-
- eduPersonPrincipalNamePrior
- SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder
- urn:oid:1.3.6.1.4.1.5923.1.1.1.12
- urn:oid:1.3.6.1.4.1.5923.1.1.1.12
- false
- Prior Principal Name
- eduPersonPrincipalName value that was previously associated with the entry.
-
-
-
-
-
-
-
- eduPersonScopedAffiliation
- SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder
- urn:oid:1.3.6.1.4.1.5923.1.1.1.9
- urn:mace:dir:attribute-def:eduPersonScopedAffiliation
- false
- Scoped Affiliation
- Zugehörigkeit
- Affiliation
- Tipo di membro
- スコープ付き職位
- Specifies the person's affiliation within a particular security domain
- Art der Zugehörigkeit zur Heimatorganisation
- Art der Zugehörigkeit zur Heimorganisation
- Type d'affiliation dans l'organisation
- Tipo di membro: Tipo di lavoro svolto per l'organizzazione
- セキュリティドメインのスコープが付いた所属機関における職位
-
-
-
-
-
-
-
- eduPersonAssurance
- SAML2StringTranscoder SAML1StringTranscoder
- urn:oid:1.3.6.1.4.1.5923.1.1.1.11
- urn:mace:dir:attribute-def:eduPersonAssurance
- Assurance Level
- Vertrauensgrad
- Niveau de confiance
- Livello di sicurezza
- 保証レベル
- Set of URIs that assert compliance with specific standards for identity assurance.
- URIs die eine gewisse Zusicherung für spezifische Standards des Vertrauens beinhalten
- Un ensemble d'URI qui attestent la conformité selon un standard pour les niveaux d'assurance d'identités
- Un insieme di URI che asseriscono l'osservanza dei livelli di sicurezza richiesti
- IDの保証レベルに関して特定の基準に準拠していることを示すURI
-
-
-
-
-
-
-
-
-
- eduPersonUniqueId
- SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder
- urn:oid:1.3.6.1.4.1.5923.1.1.1.13
- urn:oid:1.3.6.1.4.1.5923.1.1.1.13
- false
- Unique ID
- Eindeutige ID
- ID unique
- ID unico
- ユニークID
- A unique identifier for a person, mainly for inter-institutional user identification.
- Eindeutige Benutzeridentifikation
- Eindeutige Benützeridentifikation
- Identifiant unique de l'utilisateur
- Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione
- フェデレーション内で一意で永続的かつ難読化された利用者識別子(後継はサブジェクトID)
-
-
-
-
-
-
-
-
-
- samlSubjectID
- SAML2ScopedStringTranscoder
- urn:oasis:names:tc:SAML:attribute:subject-id
- Unique ID
- Eindeutige ID
- ID unique
- ID unico
- サブジェクトID
- A unique identifier for a person, mainly for inter-institutional user identification.
- Eindeutige Benutzeridentifikation
- Eindeutige Benützeridentifikation
- Identifiant unique de l'utilisateur
- Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione
- フェデレーション内で一意で永続的かつ難読化された利用者識別子(eduPersonUniqueIdの後継)
-
-
-
-
-
-
-
- samlPairwiseID
- SAML2ScopedStringTranscoder
- urn:oasis:names:tc:SAML:attribute:pairwise-id
- Pairwise ID
- Pairwise ID
- Pairwise ID
- Pairwise ID
- ペアワイズID
- Pairwise ID: A unique identifier for a person, different for each service provider.
- Pairwise ID: Eindeutige Benutzeridentifikation, unterschiedlich pro Service Provider.
- Pairwise ID: Eindeutige Benützeridentifikation, unterschiedlich pro Service Provider.
- Pairwise ID: Un identifiant unique de l'utilisateur, différent pour chaque fournisseur de service.
- Pairwise ID: identificativo unico della persona, differente per ogni fornitore di servizio.
- フェデレーション内で一意かつSP毎に送出される値が異なる利用者識別子(eduPersonTargetedIDの後継)
-
-
-
-
-
-
-
+
+
+
+
+
+
diff --git a/conf/attributes/eduCourse.xml b/conf/attributes/eduCourse.xml
new file mode 100644
index 0000000..6794da6
--- /dev/null
+++ b/conf/attributes/eduCourse.xml
@@ -0,0 +1,50 @@
+
+
+
+
+
+
+
+
+
+
+ eduCourseOffering
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.6.1.1
+ urn:oid:1.3.6.1.4.1.5923.1.6.1.1
+ Course offering
+ Unique identifier for a course offering
+
+
+
+
+
+
+
+ eduCourseMember
+ SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.6.1.2
+ urn:oid:1.3.6.1.4.1.5923.1.6.1.2
+ false
+ Course role
+ Specifies the person's role within a particular course offering
+
+
+
+
+
+
+
+
+
diff --git a/conf/attributes/eduPerson.xml b/conf/attributes/eduPerson.xml
new file mode 100644
index 0000000..afe1299
--- /dev/null
+++ b/conf/attributes/eduPerson.xml
@@ -0,0 +1,266 @@
+
+
+
+
+
+
+
+
+
+
+ eduPersonAffiliation
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.1
+ urn:mace:dir:attribute-def:eduPersonAffiliation
+ Affiliation
+ Zugehörigkeit
+ Affiliation
+ Tipo di membro
+ 職位
+ Affiliation: Type of affiliation with Home Organization
+ Art der Zugehörigkeit zur Heimatorganisation
+ Art der Zugehörigkeit zur Heimorganisation
+ Type d'affiliation dans l'organisation
+ Tipo di membro: Tipo di lavoro svolto per l'organizzazione
+ 所属機関における職位(faculty,staff,student,memberなど)
+
+
+
+
+
+
+
+ eduPersonAssurance
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.11
+ urn:mace:dir:attribute-def:eduPersonAssurance
+ Assurance level
+ Vertrauensgrad
+ Niveau de confiance
+ Livello di sicurezza
+ 保証レベル
+ Set of URIs that assert compliance with specific standards for identity assurance.
+ URIs die eine gewisse Zusicherung für spezifische Standards des Vertrauens beinhalten
+ Un ensemble d'URI qui attestent la conformité selon un standard pour les niveaux d'assurance d'identités
+ Un insieme di URI che asseriscono l'osservanza dei livelli di sicurezza richiesti
+ IDの保証レベルに関して特定の基準に準拠していることを示すURI
+
+
+
+
+
+
+
+ eduPersonEntitlement
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.7
+ urn:mace:dir:attribute-def:eduPersonEntitlement
+ Entitlement
+ Berechtigung
+ Entitlement
+ Prerogativa
+ 資格情報
+ Member of: URI (either URL or URN) that indicates a set of rights to specific resources based on an agreement across the releavant community
+ Zeichenkette, die Rechte für spezifische Ressourcen beschreibt
+ Membre de: URI (soit une URL ou une URN) décrivant un droit spécific d'accès.
+ Membro delle seguenti URI (sia URL o URN) che rappresentano diritti specifici d'accesso validi in tutta la communità
+ 特定のアプリケーションもしくはコミュニティ内の複数リソースへのアクセス権限を持つことを示すURI(URLもしくはURN)
+
+
+
+
+
+
+
+ eduPersonNickname
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.2
+ urn:mace:dir:attribute-def:eduPersonNickname
+ Nickname
+ Kurzname
+ Übername
+ Surnom
+ Diminutivo
+ ニックネーム
+ Person's nickname, or the informal name by which they are accustomed to be hailed.
+ Kurzname einer Person, oder üblicher Rufname zur Begrüßung.
+ Übername einer Person, oder üblicher Rufname zur Begrüssung.
+ Nom personnalisable pour un usage informel.
+ Diminutivo della persona, o soprannome.
+ 利用者のニックネームもしくは通称
+
+
+
+
+
+
+
+ eduPersonOrgDN
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.3
+ urn:mace:dir:attribute-def:eduPersonOrgDN
+ Organization distinguished name
+ Distinguished name (DN) of the directory entry representing the institution with which the person is associated.
+
+
+
+
+
+
+
+ eduPersonOrgUnitDN
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.4
+ urn:mace:dir:attribute-def:eduPersonOrgUnitDN
+ Organization unit distinguished name
+ Distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s).
+
+
+
+
+
+
+
+ eduPersonOrcid
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.16
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.16
+ ORCID
+ ORCID researcher identifier(s) belonging to a person.
+
+
+
+
+
+
+
+ eduPersonPrimaryAffiliation
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.5
+ urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation
+ Primary affiliation
+ Primäre Zugehörigkeit
+ Affiliation pricipale
+ Appartenenza principale
+ 主要職位
+ Specifies the person's primary relationship to the institution in broad categories such as student, faculty, staff, alum, etc.
+ Spezifiziert der Hauptbeziehung einer Person innerhalb ihrer Organisation in groben Kategorien wie Student, Mitarbeiter, Alumni, etc.
+ Spécifie la relation principale d'une personne avec l'institution selon des majeures catégories comme étudiant, collaborateur, alumni etc.
+ Specifica la relazione principale dell persona con l'istituzione secondo le maggiori categorie come studente, collaboratore, alumni, etc.
+ 所属機関における主要な職位(faculty,staff,student,memberなど)
+
+
+
+
+
+
+
+ eduPersonPrimaryOrgUnitDN
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.8
+ urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN
+ Primary organization unit distinguished name
+ Distinguished name (DN) of the directory entry representing the person's primary Organizational Unit.
+
+
+
+
+
+
+
+ eduPersonPrincipalName
+ SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.6
+ urn:mace:dir:attribute-def:eduPersonPrincipalName
+ false
+ Principal name
+ Persönliche ID
+ Principal Name
+ Principal Name
+ プリンシパルID
+ A unique identifier for a person, mainly for inter-institutional user identification.
+ Eindeutige Benutzeridentifikation
+ Eindeutige Benützeridentifikation
+ L'identifiant unique de l'utilisateur
+ Un ID personale che identifica chiaramente l'utente in seno alla sua organizzazione
+ フェデレーション内で一意かつ永続的な利用者識別子
+
+
+
+
+
+
+
+ eduPersonPrincipalNamePrior
+ SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.12
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.12
+ false
+ Prior principal name(s)
+ eduPersonPrincipalName value(s) previously associated with the entry.
+
+
+
+
+
+
+
+ eduPersonScopedAffiliation
+ SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.9
+ urn:mace:dir:attribute-def:eduPersonScopedAffiliation
+ false
+ Scoped affiliation
+ Zugehörigkeit
+ Affiliation
+ Tipo di membro
+ スコープ付き職位
+ Specifies the person's affiliation within a particular security domain
+ Art der Zugehörigkeit zur Heimatorganisation
+ Art der Zugehörigkeit zur Heimorganisation
+ Type d'affiliation dans l'organisation
+ Tipo di membro: Tipo di lavoro svolto per l'organizzazione
+ セキュリティドメインのスコープが付いた所属機関における職位
+
+
+
+
+
+
+
+ eduPersonUniqueId
+ SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.13
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.13
+ false
+ Unique ID
+ Eindeutige ID
+ ID unique
+ ID unico
+ ユニークID
+ A unique identifier for a person, mainly for inter-institutional user identification.
+ Eindeutige Benutzeridentifikation
+ Eindeutige Benützeridentifikation
+ Identifiant unique de l'utilisateur
+ Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione
+ フェデレーション内で一意で永続的かつ難読化された利用者識別子(後継はサブジェクトID)
+
+
+
+
+
+
+
+
+
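Review bot: Several description strings in this new file carry over spelling errors from the old default-rules.xml, and these look like the texts shown to users when they are asked to approve attribute release. In the eduPersonEntitlement rule `releavant community` should read `relevant community`. In the eduPersonPrimaryAffiliation rule `Affiliation pricipale` should read `Affiliation principale` and `dell persona` should read `della persona`. Creating the per-schema files is a good moment to correct them, because the wording is what a user relies on to decide about consent.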
diff --git a/conf/attributes/inetOrgPerson.xml b/conf/attributes/inetOrgPerson.xml
new file mode 100644
index 0000000..c865157
--- /dev/null
+++ b/conf/attributes/inetOrgPerson.xml
@@ -0,0 +1,28 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
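Review bot: `conf/attributes/inetOrgPerson.xml` is added with blob `c865157`, the same abbreviated blob id as the new side of `conf/attributes/default-rules.xml`, so the two files appear to be byte-identical. The 28-line length also matches the shortened default-rules.xml rather than a file of transcoding rules. If that is so, the rules removed from default-rules.xml for `uid`, `mail`, `surname`, `givenName`, `displayName`, `departmentNumber`, `employeeNumber` and the other directory attributes are not re-added anywhere in this commit; only the eduPerson, eduCourse and samlSubject rules reappear. Attributes exported by the LDAP connector would then have no registry rule to encode them. Please check that this file holds the inetOrgPerson rules and not a copy of the import list.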
diff --git a/conf/attributes/samlSubject.xml b/conf/attributes/samlSubject.xml
new file mode 100644
index 0000000..dac9a59
--- /dev/null
+++ b/conf/attributes/samlSubject.xml
@@ -0,0 +1,67 @@
+
+
+
+
+
+
+
+
+
+
+
+
+ samlSubjectID
+ SAML2ScopedStringTranscoder
+ urn:oasis:names:tc:SAML:attribute:subject-id
+ Unique ID
+ Eindeutige ID
+ ID unique
+ ID unico
+ サブジェクトID
+ A unique identifier for a person, mainly for inter-institutional user identification.
+ Eindeutige Benutzeridentifikation
+ Eindeutige Benützeridentifikation
+ Identifiant unique de l'utilisateur
+ Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione
+ フェデレーション内で一意で永続的かつ難読化された利用者識別子(eduPersonUniqueIdの後継)
+
+
+
+
+
+
+
+ samlPairwiseID
+ SAML2ScopedStringTranscoder
+ urn:oasis:names:tc:SAML:attribute:pairwise-id
+ Pairwise ID
+ Pairwise ID
+ Pairwise ID
+ Pairwise ID
+ ペアワイズID
+ Pairwise ID: A unique identifier for a person, different for each service provider.
+ Pairwise ID: Eindeutige Benutzeridentifikation, unterschiedlich pro Service Provider.
+ Pairwise ID: Eindeutige Benützeridentifikation, unterschiedlich pro Service Provider.
+ Pairwise ID: Un identifiant unique de l'utilisateur, différent pour chaque fournisseur de service.
+ Pairwise ID: identificativo unico della persona, differente per ogni fornitore di servizio.
+ フェデレーション内で一意かつSP毎に送出される値が異なる利用者識別子(eduPersonTargetedIDの後継)
+
+
+
+
+
+
+
+
+
diff --git a/conf/audit.xml b/conf/audit.xml
index 7245127..a9faf4c 100644
--- a/conf/audit.xml
+++ b/conf/audit.xml
@@ -14,7 +14,7 @@
This bean defines a mapping between audit log categories and formatting strings.
-->
-
+
@@ -40,6 +40,12 @@
+
+
+
+
+
+
diff --git a/conf/intercept/consent-intercept-config.xml b/conf/intercept/consent-intercept-config.xml
index 66f06a0..6e899e6 100644
--- a/conf/intercept/consent-intercept-config.xml
+++ b/conf/intercept/consent-intercept-config.xml
@@ -54,9 +54,7 @@
- transientId
- persistentId
- eduPersonTargetedID
+ samlPairwiseID
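Review bot: Replacing `transientId`, `persistentId` and `eduPersonTargetedID` with `samlPairwiseID` changes how consent treats the three removed ids if any of them is still resolved. The enclosing list element is not visible in the hunk, so I am assuming this is the list of attribute ids excluded from the consent prompt. In that case a resolver that still defines `eduPersonTargetedID` would start presenting it to users and storing consent records for it. Either confirm the resolver no longer produces those ids, or keep them in the list alongside `samlPairwiseID`.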
@@ -85,7 +85,7 @@
VelocityStatusMatcher
- ResourceManager : unable to find resource 'status.vm' in any resource loader.
+ ResourceManager\s*: unable to find resource 'status\.vm' in any resource loader\.
VelocityStatusMatcher.matches(formattedMessage)
@@ -109,7 +109,7 @@
UTF-8
- %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}
+ %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}
@@ -117,7 +117,7 @@
VelocityStatusMatcher
- ResourceManager : unable to find resource 'status.vm' in any resource loader.
+ ResourceManager\s*: unable to find resource 'status\.vm' in any resource loader\.
VelocityStatusMatcher.matches(formattedMessage)
diff --git a/conf/logback.xml.dist b/conf/logback.xml.dist
deleted file mode 100644
index ac19b1f..0000000
--- a/conf/logback.xml.dist
+++ /dev/null
@@ -1,191 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ${idp.logfiles}/idp-process.log
-
-
- ${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz
- ${idp.loghistory}
-
-
-
- UTF-8
- %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}
-
-
-
-
-
-
- VelocityStatusMatcher
- ResourceManager : unable to find resource 'status.vm' in any resource loader.
-
- VelocityStatusMatcher.matches(formattedMessage)
-
- DENY
-
-
-
-
-
- 0
-
-
-
-
-
- WARN
-
-
- ${idp.logfiles}/idp-warn.log
-
-
- ${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz
- ${idp.loghistory}
-
-
-
- UTF-8
- %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}
-
-
-
-
-
-
- VelocityStatusMatcher
- ResourceManager : unable to find resource 'status.vm' in any resource loader.
-
- VelocityStatusMatcher.matches(formattedMessage)
-
- DENY
-
-
-
-
-
- ${idp.logfiles}/idp-audit.log
-
-
- ${idp.logfiles}/idp-audit-%d{yyyy-MM-dd}.log.gz
- ${idp.loghistory}
-
-
-
- UTF-8
- %msg%n
-
-
-
-
-
- ${idp.logfiles}/idp-consent-audit.log
-
-
- ${idp.logfiles}/idp-consent-audit-%d{yyyy-MM-dd}.log.gz
- ${idp.loghistory}
-
-
-
- UTF-8
- %msg%n
-
-
-
-
-
- ${idp.fticks.loghost:-localhost}
- ${idp.fticks.logport:-514}
- AUTH
- [%thread] %logger %msg
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/conf/logback.xml.tmp3 b/conf/logback.xml.tmp3
deleted file mode 100644
index 4eebeaa..0000000
--- a/conf/logback.xml.tmp3
+++ /dev/null
@@ -1,191 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- /tmp/logidp-process
-
-
- ${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz
- ${idp.loghistory}
-
-
-
- UTF-8
- %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}
-
-
-
-
-
-
- VelocityStatusMatcher
- ResourceManager : unable to find resource 'status.vm' in any resource loader.
-
- VelocityStatusMatcher.matches(formattedMessage)
-
- DENY
-
-
-
-
-
- 0
-
-
-
-
-
- WARN
-
-
- /tmp/logidp-warn
-
-
- ${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz
- ${idp.loghistory}
-
-
-
- UTF-8
- %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}
-
-
-
-
-
-
- VelocityStatusMatcher
- ResourceManager : unable to find resource 'status.vm' in any resource loader.
-
- VelocityStatusMatcher.matches(formattedMessage)
-
- DENY
-
-
-
-
-
- /tmp/logidp-audit
-
-
- ${idp.logfiles}/idp-audit-%d{yyyy-MM-dd}.log.gz
- ${idp.loghistory}
-
-
-
- UTF-8
- %msg%n
-
-
-
-
-
- ${idp.logfiles}/idp-consent-audit.log
-
-
- ${idp.logfiles}/idp-consent-audit-%d{yyyy-MM-dd}.log.gz
- ${idp.loghistory}
-
-
-
- UTF-8
- %msg%n
-
-
-
-
-
- ${idp.fticks.loghost:-localhost}
- ${idp.fticks.logport:-514}
- AUTH
- [%thread] %logger %msg
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/conf/metadata-providers.xml b/conf/metadata-providers.xml
index 5b7522d..e54c732 100644
--- a/conf/metadata-providers.xml
+++ b/conf/metadata-providers.xml
@@ -20,19 +20,19 @@
http://www.w3.org/2001/04/xmlenc# http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd
http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd">
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
-
-
-
-
-
-
-
-
-
- https://mdq.incommon.org/
-
-
+
+
+
+
+
+
+
+
+
+ https://mdq.incommon.org/
+
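Review bot: The provider pointing at `https://mdq.incommon.org/` on the new side needs a signature check on the metadata it fetches, and the hunk as shown does not let me confirm one is configured because the element markup is not visible. TLS to the MDQ host authenticates the server, not the metadata, so the provider should carry a signature validation filter bound to the federation's signing certificate and a validity-window check. If the provider was previously commented out and is now active, that filter configuration is being exercised for the first time and should be tested against a deliberately wrong certificate.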
diff --git a/conf/services.properties b/conf/services.properties
index 9dc3dff..6edb015 100644
--- a/conf/services.properties
+++ b/conf/services.properties
@@ -62,9 +62,8 @@ idp.service.managedBean.checkInterval = PT15M
#idp.message.resources = shibboleth.MessageSourceResources
#idp.message.cacheSeconds = 300
-# Parameters for pre-defined HttpClient instances which perform in-memory and filesystem caching.
-# These are used with components such as remote configuration resources that are explicitly wired
-# with these client instances, *not* by default with HTTP metadata resolvers.
+# These settings impact the behavior of the internal HTTP Client used by default
+# with some internal components, but notably *not* for metadata acquisition.
#idp.httpclient.useSecurityEnhancedTLSSocketFactory = false
#idp.httpclient.connectionDisregardTLSCertificate = false
#idp.httpclient.connectionRequestTimeout = PT1M
@@ -72,6 +71,11 @@ idp.service.managedBean.checkInterval = PT15M
#idp.httpclient.socketTimeout = PT1M
#idp.httpclient.maxConnectionsTotal = 100
#idp.httpclient.maxConnectionsPerRoute = 100
+
+# These are deprecated properties that configure the old caching HttpClient
+# beans that are no longer supported. If you want to manually configure
+# the caching clients, you should define the beans yourself and if desired
+# rely on properties of your own devising.
#idp.httpclient.memorycaching.maxCacheEntries = 50
#idp.httpclient.memorycaching.maxCacheEntrySize = 1048576
#idp.httpclient.filecaching.maxCacheEntries = 100
diff --git a/conf/services.xml b/conf/services.xml
index 5a4cdea..350f298 100644
--- a/conf/services.xml
+++ b/conf/services.xml
@@ -9,43 +9,7 @@
default-init-method="initialize"
default-destroy-method="destroy">
-
-
-
+
@@ -63,6 +27,10 @@
%{idp.home}/conf/attribute-resolver.xml
+
%{idp.home}/conf/attribute-registry.xml
%{idp.home}/system/conf/attribute-registry-system.xml