From f8d3464c9f0bf8c077920bba91f244de7a88257a Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 11 Mar 2020 15:21:30 +0000 Subject: [PATCH] update to 4.0.0 (release) --- conf/attribute-registry.xml | 9 +- conf/attribute-resolver-full.xml | 251 ------ conf/attribute-resolver-ldap.xml | 97 +-- conf/attributes/custom/{README.txt => README} | 0 conf/attributes/default-rules.xml | 743 +----------------- conf/attributes/eduCourse.xml | 50 ++ conf/attributes/eduPerson.xml | 266 +++++++ conf/attributes/inetOrgPerson.xml | 510 ++++++++++++ conf/attributes/samlSubject.xml | 67 ++ conf/audit.xml | 8 +- conf/intercept/consent-intercept-config.xml | 4 +- conf/logback.xml | 8 +- conf/logback.xml.dist | 8 +- conf/logback.xml.tmp3 | 191 ----- conf/metadata-providers.xml | 36 +- conf/services.properties | 10 +- conf/services.xml | 42 +- 17 files changed, 1007 insertions(+), 1293 deletions(-) delete mode 100644 conf/attribute-resolver-full.xml rename conf/attributes/custom/{README.txt => README} (100%) create mode 100644 conf/attributes/eduCourse.xml create mode 100644 conf/attributes/eduPerson.xml create mode 100644 conf/attributes/inetOrgPerson.xml create mode 100644 conf/attributes/samlSubject.xml delete mode 100644 conf/logback.xml.tmp3 diff --git a/conf/attribute-registry.xml b/conf/attribute-registry.xml index 8890f4b..133930b 100644 --- a/conf/attribute-registry.xml +++ b/conf/attribute-registry.xml @@ -16,11 +16,14 @@ The system comes preconfigured to load rules directly from resource files configured in services.xml so they're monitored for changes. - You can add mappings here, add more XML resource files, - or drop property files into the directory noted below. + You can add mappings here, add more XML resource files, or drop property + files into the directory noted below, but they won't be monitored for changes + themselves. --> - + diff --git a/conf/attribute-resolver-full.xml b/conf/attribute-resolver-full.xml deleted file mode 100644 index ad75dbc..0000000 
--- a/conf/attribute-resolver-full.xml +++ /dev/null @@ -1,251 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf/attribute-resolver-ldap.xml b/conf/attribute-resolver-ldap.xml index 76e6d55..19b68d6 100644 --- a/conf/attribute-resolver-ldap.xml +++ b/conf/attribute-resolver-ldap.xml @@ -1,66 +1,58 @@ - - - + + + + - - + + - - - + + - +--> + + + + - - + + + + responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}" + exportAttributes="mail displayName sn givenName departmentNumber employeeNumber eduPersonEntitlement eduPersonAssurance"> - + + + + diff --git a/conf/attributes/custom/README.txt b/conf/attributes/custom/README similarity index 100% rename from conf/attributes/custom/README.txt rename to conf/attributes/custom/README diff --git a/conf/attributes/default-rules.xml b/conf/attributes/default-rules.xml index 24e6b09..c865157 100644 --- a/conf/attributes/default-rules.xml +++ b/conf/attributes/default-rules.xml 
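Review bot: The new `exportAttributes="mail displayName sn givenName departmentNumber employeeNumber eduPersonEntitlement eduPersonAssurance"` on the LDAP DataConnector turns raw directory values into IdP attributes with no AttributeDefinition in between, and two of those, eduPersonEntitlement and eduPersonAssurance, are authorization- and assurance-bearing claims the IdP will then assert as its own. That makes write access to those two directory attributes equivalent to controlling what the IdP asserts, which is worth stating next to the list rather than leaving implicit. I would add a comment directly above the attribute, e.g. `<!-- Attributes listed here are asserted exactly as stored in LDAP; eduPersonEntitlement and eduPersonAssurance in particular must only be writable by the directory administrators who own those policies. -->`. The rest of the DataConnector and any surrounding commentary is not legible in this rendering, so it may already say something to that effect.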
@@ -14,738 +14,15 @@ - - - - - - - - - uid - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:0.9.2342.19200300.100.1.1 - urn:mace:dir:attribute-def:uid - User ID - Benutzer-ID - ID utilisateur - ID dell'utente - ユーザID - A unique identifier for a person, mainly used for user identification within the user's home organization. - Eine eindeutige Nummer für eine Person, welche hauptsächlich zur Identifikation innerhalb der Organisation benutzt wird. - Identifiant de connexion d'une personnes sur les systèmes informatiques. - Identificativo unico della persona, usato per l'identificazione dell'utente all'interno della organizzazione di appartenenza. - 所属機関内で一意の利用者識別子 - - - - - - - - mail - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:0.9.2342.19200300.100.1.3 - urn:mace:dir:attribute-def:mail - E-mail - E-Mail - Email - E-mail - メールアドレス - E-Mail: Preferred address for e-mail to be sent to this person - E-Mail-Adresse - E-Mail Adresse - Adresse de courrier électronique - E-Mail: l'indirizzo e-mail preferito dall'utente - メールアドレス - - - - - - - - homePhone - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:0.9.2342.19200300.100.1.20 - urn:mace:dir:attribute-def:homePhone - Private phone number - Telefon Privat - Teléphone personnel - Numero di telefono privato - 自宅電話番号 - Private phone number - Private Telefonnummer - Numéro de téléphone de domicile de la personne - Numero di telefono privato - 自宅の電話番号 - - - - - - - - homePostalAddress - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:0.9.2342.19200300.100.1.39 - urn:mace:dir:attribute-def:homePostalAddress - Home postal address - Heimatadresse - Heimadresse - Adresse personnelle - Indirizzo personale - 自宅住所 - Home postal address: Home address of the user - Heimatadresse - Heimadresse - Adresse postale de domicile de la personne - Indirizzo personale: indirizzo dove abita l'utente - 自宅の住所 - - - - - - - - mobile - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:0.9.2342.19200300.100.1.41 - 
urn:mace:dir:attribute-def:mobile - Mobile phone number - Telefon Mobil - Numéro de mobile - Numero di cellulare - 携帯電話番号 - Mobile phone number - Mobile Telefonnummer - Numéro de teléphone mobile - Numero di cellulare - 携帯電話の電話番号 - - - - - - - - pager - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:0.9.2342.19200300.100.1.42 - urn:mace:dir:attribute-def:pager - Pager number - Pager number - - - - - - - - surname - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.5.4.4 - urn:mace:dir:attribute-def:sn - Surname - Nachname - Nom de famille - Cognome - - Surname or family name - Familienname - Nom de famille de l'utilisateur. - Cognome dell'utilizzatore - 氏名(姓)の英語表記 - - - - - - - - locality - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.5.4.7 - urn:mace:dir:attribute-def:l - Locality name - Ort - Locality name - 場所(L) - Locality name - Ort - Nom de la localité où réside l'objet - 場所の名前 日本の場合は市区町村名 - - - - - - - - stateProvince - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.5.4.8 - urn:mace:dir:attribute-def:st - State or province name - 都道府県もしくは州や省(ST) - State or province name - 州名や省名 国によって異なり日本の場合は都道府県名 - - - - - - - - street - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.5.4.9 - urn:mace:dir:attribute-def:street - Street - Straße - Strasse - Rue - 通り - Street address - Name der Straße - Strassenadresse - Nom de rue - 通りおよび番地 - - - - - - - - organizationName - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.5.4.10 - urn:mace:dir:attribute-def:o - Organization name - Organisationsname - Nom de l'organisation - 所属機関名 - Organization name - Name der Organisation - Nom de l'organisation - 所属機関名称の英語表記 - - - - - - - - organizationalUnit - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.5.4.11 - urn:mace:dir:attribute-def:ou - Organizational unit - Organisationseinheit - Unité organisationnelle - 機関内所属名 - Organizational unit - Name der Organisationseinheit - Nom de l'unité organisationnelle - 機関内所属名称の英語表記 - - - - 
- - - - title - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.5.4.12 - urn:mace:dir:attribute-def:title - Title - Titel - Title - 肩書き - Title of a person - Titel der Person - Titre de la personne - 利用者の肩書き - - - - - - - - postalAddress - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.5.4.16 - urn:mace:dir:attribute-def:postalAddress - Business postal address - Geschäftsadresse - Adresse professionnelle - Indirizzo professionale - 所属機関住所 - Business postal address: Campus or office address - Geschäftliche Adresse - Adresse am Arbeitsplatz - Adresse de l'institut, de l'université - Indirizzo professionale: indirizzo dell'istituto o dell'ufficio - 所属機関の住所 - - - - - - - - postalCode - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.5.4.17 - urn:mace:dir:attribute-def:postalCode - Postal code - ZIP code - Postleitzahl - Code postal - 郵便番号 - Postal code - ZIP code - Postleitzahl - Code postal - 郵便番号 - - - - - - - - postOfficeBox - SAML2StringTranscoder SAML1StringTranscoder - urn:mace:dir:attribute-def:postOfficeBox - urn:oid:2.5.4.18 - Postal box - Postfach - Boite postale - Case postale - 私書箱 - Postal box identifier - Postfach - Boite postale - Case postale - 私書箱 - - - - - - - - telephoneNumber - SAML2StringTranscoder SAML1StringTranscoder - urn:mace:dir:attribute-def:telephoneNumber - urn:oid:2.5.4.20 - Business phone number - Telefon Geschäft - Teléphone professionnel - Numero di telefono dell'ufficio - 所属機関内電話番号 - Business phone number: Office or campus phone number - Telefonnummer am Arbeitsplatz - Teléphone de l'institut, de l'université - Numero di telefono dell'ufficio - 所属機関での利用者の電話番号 - - - - - - - - givenName - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.5.4.42 - urn:mace:dir:attribute-def:givenName - Given name - Vorname - Prénom - Nome - - Given name of a person - Vorname - Prénom de l'utilisateur - Nome - 氏名(名)の英語表記 - - - - - - - - initials - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.5.4.43 - 
urn:mace:dir:attribute-def:initials - Initials - Initialen - Initiales - イニシャル - Initials - Anfangsbuchstaben des Namens - Die Anfangsbuchstaben - L' initiales - イニシャル - - - - - - - - - - departmentNumber - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.16.840.1.113730.3.1.2 - urn:mace:dir:attribute-def:departmentNumber - Department number - Abteilungsnummer - Department number - Nummer der Abteilung - - - - - - - - displayName - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.16.840.1.113730.3.1.241 - urn:mace:dir:attribute-def:displayName - Display Name - Anzeigename - Nom - Nome - 表示名 - The name that should appear in white-pages-like applications for this person. - Anzeigename - Nom complet d'affichage - Nome - アプリケーションでの表示に用いられる英字氏名 - - - - - - - - employeeNumber - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.16.840.1.113730.3.1.3 - urn:mace:dir:attribute-def:employeeNumber - Employee number - Mitarbeiternummer - Numéro d'employé - Numero dell'utente - 従業員番号 - Identifies an employee within an organization - Identifiziert einen Mitarbeiter innerhalb der Organisation - Identifie un employé au sein de l'organisation - Identifica l' utente presso l'organizzazione - 所属機関における利用者の従業員番号 - - - - - - - - employeeType - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.16.840.1.113730.3.1.4 - urn:mace:dir:attribute-def:employeeType - Employee type - Employee type - - - - - - - - jpegPhoto - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:0.9.2342.19200300.100.1.60 - urn:mace:dir:attribute-def:jpegPhoto - JPEG Photo - Image of a person in JPEG format - - - - - - - - preferredLanguage - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:2.16.840.1.113730.3.1.39 - urn:mace:dir:attribute-def:preferredLanguage - Preferred Language - Bevorzugte Sprache - Langue préférée - Lingua preferita - 希望言語 - Preferred language: Users preferred language (see RFC1766) - Bevorzugte Sprache (siehe RFC1766) - Exemple: fr, de, it, en, ... 
(voir RFC1766) - Lingua preferita: la lingua preferita dall'utente (cfr. RFC1766) - 利用者が希望する言語(RFC1766 を参照) - - - - - - - - - - eduPersonAffiliation - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - urn:mace:dir:attribute-def:eduPersonAffiliation - Affiliation - Zugehörigkeit - Affiliation - Tipo di membro - 職位 - Affiliation: Type of affiliation with Home Organization - Art der Zugehörigkeit zur Heimatorganisation - Art der Zugehörigkeit zur Heimorganisation - Type d'affiliation dans l'organisation - Tipo di membro: Tipo di lavoro svolto per l'organizzazione - 所属機関における職位(faculty,staff,student,memberなど) - - - - - - - - eduPersonEntitlement - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:1.3.6.1.4.1.5923.1.1.1.7 - urn:mace:dir:attribute-def:eduPersonEntitlement - Entitlement - Berechtigung - Entitlement - Prerogativa - 資格情報 - Member of: URI (either URL or URN) that indicates a set of rights to specific resources based on an agreement across the releavant community - Zeichenkette, die Rechte für spezifische Ressourcen beschreibt - Membre de: URI (soit une URL ou une URN) décrivant un droit spécific d'accès. - Membro delle seguenti URI (sia URL o URN) che rappresentano diritti specifici d'accesso validi in tutta la communità - 特定のアプリケーションもしくはコミュニティ内の複数リソースへのアクセス権限を持つことを示すURI(URLもしくはURN) - - - - - - - - eduPersonNickname - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:1.3.6.1.4.1.5923.1.1.1.2 - urn:mace:dir:attribute-def:eduPersonNickname - Nick name - Kurzname - Übername - Surnom - Diminutivo - ニックネーム - Person's nickname, or the informal name by which they are accustomed to be hailed. - Kurzname einer Person, oder üblicher Rufname zur Begrüßung. - Übername einer Person, oder üblicher Rufname zur Begrüssung. - Nom personnalisable pour un usage informel. - Diminutivo della persona, o soprannome. 
- 利用者のニックネームもしくは通称 - - - - - - - - eduPersonPrimaryAffiliation - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:1.3.6.1.4.1.5923.1.1.1.5 - urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation - Primary affiliation - Primäre Zugehörigkeit - Affiliation pricipale - Appartenenza principale - 主要職位 - Specifies the person's primary relationship to the institution in broad categories such as student, faculty, staff, alum, etc. - Spezifiziert der Hauptbeziehung einer Person innerhalb ihrer Organisation in groben Kategorien wie Student, Mitarbeiter, Alumni, etc. - Spécifie la relation principale d'une personne avec l'institution selon des majeures catégories comme étudiant, collaborateur, alumni etc. - Specifica la relazione principale dell persona con l'istituzione secondo le maggiori categorie come studente, collaboratore, alumni, etc. - 所属機関における主要な職位(faculty,staff,student,memberなど) - - - - - - - - eduPersonPrincipalName - SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder - urn:oid:1.3.6.1.4.1.5923.1.1.1.6 - urn:mace:dir:attribute-def:eduPersonPrincipalName - false - Principal Name - Persönliche ID - Principal Name - Principal Name - プリンシパルID - A unique identifier for a person, mainly for inter-institutional user identification. - Eindeutige Benutzeridentifikation - Eindeutige Benützeridentifikation - L'identifiant unique de l'utilisateur - Un ID personale che identifica chiaramente l'utente in seno alla sua organizzazione - フェデレーション内で一意かつ永続的な利用者識別子 - - - - - - - - eduPersonPrincipalNamePrior - SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder - urn:oid:1.3.6.1.4.1.5923.1.1.1.12 - urn:oid:1.3.6.1.4.1.5923.1.1.1.12 - false - Prior Principal Name - eduPersonPrincipalName value that was previously associated with the entry. 
- - - - - - - - eduPersonScopedAffiliation - SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder - urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - urn:mace:dir:attribute-def:eduPersonScopedAffiliation - false - Scoped Affiliation - Zugehörigkeit - Affiliation - Tipo di membro - スコープ付き職位 - Specifies the person's affiliation within a particular security domain - Art der Zugehörigkeit zur Heimatorganisation - Art der Zugehörigkeit zur Heimorganisation - Type d'affiliation dans l'organisation - Tipo di membro: Tipo di lavoro svolto per l'organizzazione - セキュリティドメインのスコープが付いた所属機関における職位 - - - - - - - - eduPersonAssurance - SAML2StringTranscoder SAML1StringTranscoder - urn:oid:1.3.6.1.4.1.5923.1.1.1.11 - urn:mace:dir:attribute-def:eduPersonAssurance - Assurance Level - Vertrauensgrad - Niveau de confiance - Livello di sicurezza - 保証レベル - Set of URIs that assert compliance with specific standards for identity assurance. - URIs die eine gewisse Zusicherung für spezifische Standards des Vertrauens beinhalten - Un ensemble d'URI qui attestent la conformité selon un standard pour les niveaux d'assurance d'identités - Un insieme di URI che asseriscono l'osservanza dei livelli di sicurezza richiesti - IDの保証レベルに関して特定の基準に準拠していることを示すURI - - - - - - - - - - eduPersonUniqueId - SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder - urn:oid:1.3.6.1.4.1.5923.1.1.1.13 - urn:oid:1.3.6.1.4.1.5923.1.1.1.13 - false - Unique ID - Eindeutige ID - ID unique - ID unico - ユニークID - A unique identifier for a person, mainly for inter-institutional user identification. 
- Eindeutige Benutzeridentifikation - Eindeutige Benützeridentifikation - Identifiant unique de l'utilisateur - Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione - フェデレーション内で一意で永続的かつ難読化された利用者識別子(後継はサブジェクトID) - - - - - - - - - - samlSubjectID - SAML2ScopedStringTranscoder - urn:oasis:names:tc:SAML:attribute:subject-id - Unique ID - Eindeutige ID - ID unique - ID unico - サブジェクトID - A unique identifier for a person, mainly for inter-institutional user identification. - Eindeutige Benutzeridentifikation - Eindeutige Benützeridentifikation - Identifiant unique de l'utilisateur - Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione - フェデレーション内で一意で永続的かつ難読化された利用者識別子(eduPersonUniqueIdの後継) - - - - - - - - samlPairwiseID - SAML2ScopedStringTranscoder - urn:oasis:names:tc:SAML:attribute:pairwise-id - Pairwise ID - Pairwise ID - Pairwise ID - Pairwise ID - ペアワイズID - Pairwise ID: A unique identifier for a person, different for each service provider. - Pairwise ID: Eindeutige Benutzeridentifikation, unterschiedlich pro Service Provider. - Pairwise ID: Eindeutige Benützeridentifikation, unterschiedlich pro Service Provider. - Pairwise ID: Un identifiant unique de l'utilisateur, différent pour chaque fournisseur de service. - Pairwise ID: identificativo unico della persona, differente per ogni fornitore di servizio. - フェデレーション内で一意かつSP毎に送出される値が異なる利用者識別子(eduPersonTargetedIDの後継) - - - - - - - + + + + + + diff --git a/conf/attributes/eduCourse.xml b/conf/attributes/eduCourse.xml new file mode 100644 index 0000000..6794da6 --- /dev/null +++ b/conf/attributes/eduCourse.xml 
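Review bot: The jpegPhoto rule (urn:oid:0.9.2342.19200300.100.1.60, removed in the middle of this hunk) is not re-created in any of the new rule files as far as this rendering shows — conf/attributes/inetOrgPerson.xml runs from cn to uid with no jpegPhoto entry — so a deployment that releases that attribute loses its SAML encoding silently on upgrade. Separately, the removed rules surname, locality, stateProvince, organizationName and organizationalUnit come back in inetOrgPerson.xml under the ids sn, l, st, o and ou; since the rule id is the IdP attribute id, attribute-filter or resolver definitions still using the old ids will stop matching, and no filter file is in this commit's diffstat. Either add the jpegPhoto rule to inetOrgPerson.xml or record its removal in the commit description, and list the id renames there as well. The added lines at the end of the hunk are not legible here, so I am assuming they only import the new per-schema files.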
@@ -0,0 +1,50 @@ + + + + + + + + + + + eduCourseOffering + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.6.1.1 + urn:oid:1.3.6.1.4.1.5923.1.6.1.1 + Course offering + Unique identifier for a course offering + + + + + + + + eduCourseMember + SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.6.1.2 + urn:oid:1.3.6.1.4.1.5923.1.6.1.2 + false + Course role + Specifies the person's role within a particular course offering + + + + + + + + + diff --git a/conf/attributes/eduPerson.xml b/conf/attributes/eduPerson.xml new file mode 100644 index 0000000..afe1299 --- /dev/null +++ b/conf/attributes/eduPerson.xml 
@@ -0,0 +1,266 @@ + + + + + + + + + + + eduPersonAffiliation + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.1 + urn:mace:dir:attribute-def:eduPersonAffiliation + Affiliation + Zugehörigkeit + Affiliation + Tipo di membro + 職位 + Affiliation: Type of affiliation with Home Organization + Art der Zugehörigkeit zur Heimatorganisation + Art der Zugehörigkeit zur Heimorganisation + Type d'affiliation dans l'organisation + Tipo di membro: Tipo di lavoro svolto per l'organizzazione + 所属機関における職位(faculty,staff,student,memberなど) + + + + + + + + eduPersonAssurance + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.11 + urn:mace:dir:attribute-def:eduPersonAssurance + Assurance level + Vertrauensgrad + Niveau de confiance + Livello di sicurezza + 保証レベル + Set of URIs that assert compliance with specific standards for identity assurance. + URIs die eine gewisse Zusicherung für spezifische Standards des Vertrauens beinhalten + Un ensemble d'URI qui attestent la conformité selon un standard pour les niveaux d'assurance d'identités + Un insieme di URI che asseriscono l'osservanza dei livelli di sicurezza richiesti + IDの保証レベルに関して特定の基準に準拠していることを示すURI + + + + + + + + eduPersonEntitlement + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.7 + urn:mace:dir:attribute-def:eduPersonEntitlement + Entitlement + Berechtigung + Entitlement + Prerogativa + 資格情報 + Member of: URI (either URL or URN) that indicates a set of rights to specific resources based on an agreement across the releavant community + Zeichenkette, die Rechte für spezifische Ressourcen beschreibt + Membre de: URI (soit une URL ou une URN) décrivant un droit spécific d'accès. 
+ Membro delle seguenti URI (sia URL o URN) che rappresentano diritti specifici d'accesso validi in tutta la communità + 特定のアプリケーションもしくはコミュニティ内の複数リソースへのアクセス権限を持つことを示すURI(URLもしくはURN) + + + + + + + + eduPersonNickname + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.2 + urn:mace:dir:attribute-def:eduPersonNickname + Nickname + Kurzname + Übername + Surnom + Diminutivo + ニックネーム + Person's nickname, or the informal name by which they are accustomed to be hailed. + Kurzname einer Person, oder üblicher Rufname zur Begrüßung. + Übername einer Person, oder üblicher Rufname zur Begrüssung. + Nom personnalisable pour un usage informel. + Diminutivo della persona, o soprannome. + 利用者のニックネームもしくは通称 + + + + + + + + eduPersonOrgDN + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.3 + urn:mace:dir:attribute-def:eduPersonOrgDN + Organization distinguished name + Distinguished name (DN) of the directory entry representing the institution with which the person is associated. + + + + + + + + eduPersonOrgUnitDN + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.4 + urn:mace:dir:attribute-def:eduPersonOrgUnitDN + Organization unit distinguished name + Distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s). + + + + + + + + eduPersonOrcid + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.16 + urn:oid:1.3.6.1.4.1.5923.1.1.1.16 + ORCID + ORCID researcher identifier(s) belonging to a person. + + + + + + + + eduPersonPrimaryAffiliation + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.5 + urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation + Primary affiliation + Primäre Zugehörigkeit + Affiliation pricipale + Appartenenza principale + 主要職位 + Specifies the person's primary relationship to the institution in broad categories such as student, faculty, staff, alum, etc. 
+ Spezifiziert der Hauptbeziehung einer Person innerhalb ihrer Organisation in groben Kategorien wie Student, Mitarbeiter, Alumni, etc. + Spécifie la relation principale d'une personne avec l'institution selon des majeures catégories comme étudiant, collaborateur, alumni etc. + Specifica la relazione principale dell persona con l'istituzione secondo le maggiori categorie come studente, collaboratore, alumni, etc. + 所属機関における主要な職位(faculty,staff,student,memberなど) + + + + + + + + eduPersonPrimaryOrgUnitDN + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.8 + urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN + Primary organization unit distinguished name + Distinguished name (DN) of the directory entry representing the person's primary Organizational Unit. + + + + + + + + eduPersonPrincipalName + SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.6 + urn:mace:dir:attribute-def:eduPersonPrincipalName + false + Principal name + Persönliche ID + Principal Name + Principal Name + プリンシパルID + A unique identifier for a person, mainly for inter-institutional user identification. + Eindeutige Benutzeridentifikation + Eindeutige Benützeridentifikation + L'identifiant unique de l'utilisateur + Un ID personale che identifica chiaramente l'utente in seno alla sua organizzazione + フェデレーション内で一意かつ永続的な利用者識別子 + + + + + + + + eduPersonPrincipalNamePrior + SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.12 + urn:oid:1.3.6.1.4.1.5923.1.1.1.12 + false + Prior principal name(s) + eduPersonPrincipalName value(s) previously associated with the entry. 
+ + + + + + + + eduPersonScopedAffiliation + SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.9 + urn:mace:dir:attribute-def:eduPersonScopedAffiliation + false + Scoped affiliation + Zugehörigkeit + Affiliation + Tipo di membro + スコープ付き職位 + Specifies the person's affiliation within a particular security domain + Art der Zugehörigkeit zur Heimatorganisation + Art der Zugehörigkeit zur Heimorganisation + Type d'affiliation dans l'organisation + Tipo di membro: Tipo di lavoro svolto per l'organizzazione + セキュリティドメインのスコープが付いた所属機関における職位 + + + + + + + + eduPersonUniqueId + SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.13 + urn:oid:1.3.6.1.4.1.5923.1.1.1.13 + false + Unique ID + Eindeutige ID + ID unique + ID unico + ユニークID + A unique identifier for a person, mainly for inter-institutional user identification. + Eindeutige Benutzeridentifikation + Eindeutige Benützeridentifikation + Identifiant unique de l'utilisateur + Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione + フェデレーション内で一意で永続的かつ難読化された利用者識別子(後継はサブジェクトID) + + + + + + + + + diff --git a/conf/attributes/inetOrgPerson.xml b/conf/attributes/inetOrgPerson.xml new file mode 100644 index 0000000..da4cdcf --- /dev/null +++ b/conf/attributes/inetOrgPerson.xml 
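Review bot: Several description strings copied into this new file keep typos from the old default-rules.xml: in eduPersonEntitlement `releavant community` should read `relevant community` and `un droit spécific` should read `un droit spécifique`, and in eduPersonPrimaryAffiliation `Affiliation pricipale` should read `Affiliation principale` and `dell persona` should read `della persona`. These strings are presumably what the consent UI shows to end users, so a brand-new file is the right moment to fix them. The same carried-over errors appear in conf/attributes/inetOrgPerson.xml: `Teléphone` should read `Téléphone` in homePhone, mobile and telephoneNumber, `d'une personnes` should read `d'une personne` in uid, and `L' initiales` should read `Les initiales` in initials.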
@@ -0,0 +1,510 @@ + + + + + + + + + + + + + cn + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.3 + urn:mace:dir:attribute-def:cn + Common name + Common name of a person + + + + + + + + departmentNumber + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.16.840.1.113730.3.1.2 + urn:mace:dir:attribute-def:departmentNumber + Department number + Abteilungsnummer + Department number + Nummer der Abteilung + + + + + + + + displayName + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.16.840.1.113730.3.1.241 + urn:mace:dir:attribute-def:displayName + Display name + Anzeigename + Nom + Nome + 表示名 + The name that should appear in white-pages-like applications for this person. + Anzeigename + Nom complet d'affichage + Nome + アプリケーションでの表示に用いられる英字氏名 + + + + + + + + employeeNumber + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.16.840.1.113730.3.1.3 + urn:mace:dir:attribute-def:employeeNumber + Employee number + Mitarbeiternummer + Numéro d'employé + Numero dell'utente + 従業員番号 + Identifies an employee within an organization + Identifiziert einen Mitarbeiter innerhalb der Organisation + Identifie un employé au sein de l'organisation + Identifica l' utente presso l'organizzazione + 所属機関における利用者の従業員番号 + + + + + + + + employeeType + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.16.840.1.113730.3.1.4 + urn:mace:dir:attribute-def:employeeType + Employee type + Employee type + + + + + + + + givenName + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.42 + urn:mace:dir:attribute-def:givenName + Given name + Vorname + Prénom + Nome + + Given name of a person + Vorname + Prénom de l'utilisateur + Nome + 氏名(名)の英語表記 + + + + + + + + homePhone + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:0.9.2342.19200300.100.1.20 + urn:mace:dir:attribute-def:homePhone + Private phone number + Telefon Privat + Teléphone personnel + Numero di telefono privato + 自宅電話番号 + Private phone number + Private Telefonnummer + Numéro de téléphone de 
domicile de la personne + Numero di telefono privato + 自宅の電話番号 + + + + + + + + homePostalAddress + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:0.9.2342.19200300.100.1.39 + urn:mace:dir:attribute-def:homePostalAddress + Home postal address + Heimatadresse + Heimadresse + Adresse personnelle + Indirizzo personale + 自宅住所 + Home postal address: Home address of the user + Heimatadresse + Heimadresse + Adresse postale de domicile de la personne + Indirizzo personale: indirizzo dove abita l'utente + 自宅の住所 + + + + + + + + initials + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.43 + urn:mace:dir:attribute-def:initials + Initials + Initialen + Initiales + イニシャル + Initials + Anfangsbuchstaben des Namens + Die Anfangsbuchstaben + L' initiales + イニシャル + + + + + + + + l + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.7 + urn:mace:dir:attribute-def:l + Locality name + Ort + Locality name + 場所(L) + Locality name + Ort + Nom de la localité où réside l'objet + 場所の名前 日本の場合は市区町村名 + + + + + + + + mail + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:0.9.2342.19200300.100.1.3 + urn:mace:dir:attribute-def:mail + E-mail + E-Mail + Email + E-mail + メールアドレス + E-Mail: Preferred address for e-mail to be sent to this person + E-Mail-Adresse + E-Mail Adresse + Adresse de courrier électronique + E-Mail: l'indirizzo e-mail preferito dall'utente + メールアドレス + + + + + + + + mobile + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:0.9.2342.19200300.100.1.41 + urn:mace:dir:attribute-def:mobile + Mobile phone number + Telefon Mobil + Numéro de mobile + Numero di cellulare + 携帯電話番号 + Mobile phone number + Mobile Telefonnummer + Numéro de teléphone mobile + Numero di cellulare + 携帯電話の電話番号 + + + + + + + + o + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.10 + urn:mace:dir:attribute-def:o + Organization name + Organisationsname + Nom de l'organisation + 所属機関名 + Organization name + Name der Organisation + Nom de l'organisation + 所属機関名称の英語表記 + 
+ + + + + + + ou + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.11 + urn:mace:dir:attribute-def:ou + Organizational unit + Organisationseinheit + Unité organisationnelle + 機関内所属名 + Organizational unit + Name der Organisationseinheit + Nom de l'unité organisationnelle + 機関内所属名称の英語表記 + + + + + + + + pager + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:0.9.2342.19200300.100.1.42 + urn:mace:dir:attribute-def:pager + Pager number + Pager number + + + + + + + + postalAddress + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.16 + urn:mace:dir:attribute-def:postalAddress + Business postal address + Geschäftsadresse + Adresse professionnelle + Indirizzo professionale + 所属機関住所 + Business postal address: Campus or office address + Geschäftliche Adresse + Adresse am Arbeitsplatz + Adresse de l'institut, de l'université + Indirizzo professionale: indirizzo dell'istituto o dell'ufficio + 所属機関の住所 + + + + + + + + postalCode + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.17 + urn:mace:dir:attribute-def:postalCode + Postal code + ZIP code + Postleitzahl + Code postal + 郵便番号 + Postal code + ZIP code + Postleitzahl + Code postal + 郵便番号 + + + + + + + + postOfficeBox + SAML2StringTranscoder SAML1StringTranscoder + urn:mace:dir:attribute-def:postOfficeBox + urn:oid:2.5.4.18 + Postal box + Postfach + Boite postale + Case postale + 私書箱 + Postal box identifier + Postfach + Boite postale + Case postale + 私書箱 + + + + + + + + preferredLanguage + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.16.840.1.113730.3.1.39 + urn:mace:dir:attribute-def:preferredLanguage + Preferred Language + Bevorzugte Sprache + Langue préférée + Lingua preferita + 希望言語 + Preferred language: Users preferred language (see RFC1766) + Bevorzugte Sprache (siehe RFC1766) + Exemple: fr, de, it, en, ... (voir RFC1766) + Lingua preferita: la lingua preferita dall'utente (cfr. 
RFC1766) + 利用者が希望する言語(RFC1766 を参照) + + + + + + + + sn + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.4 + urn:mace:dir:attribute-def:sn + Surname + Nachname + Nom de famille + Cognome + + Surname or family name + Familienname + Nom de famille de l'utilisateur. + Cognome dell'utilizzatore + 氏名(姓)の英語表記 + + + + + + + + st + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.8 + urn:mace:dir:attribute-def:st + State or province name + 都道府県もしくは州や省(ST) + State or province name + 州名や省名 国によって異なり日本の場合は都道府県名 + + + + + + + + street + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.9 + urn:mace:dir:attribute-def:street + Street + Straße + Strasse + Rue + 通り + Street address + Name der Straße + Strassenadresse + Nom de rue + 通りおよび番地 + + + + + + + + + telephoneNumber + SAML2StringTranscoder SAML1StringTranscoder + urn:mace:dir:attribute-def:telephoneNumber + urn:oid:2.5.4.20 + Business phone number + Telefon Geschäft + Teléphone professionnel + Numero di telefono dell'ufficio + 所属機関内電話番号 + Business phone number: Office or campus phone number + Telefonnummer am Arbeitsplatz + Teléphone de l'institut, de l'université + Numero di telefono dell'ufficio + 所属機関での利用者の電話番号 + + + + + + + + title + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.12 + urn:mace:dir:attribute-def:title + Title + Titel + Title + 肩書き + Title of a person + Titel der Person + Titre de la personne + 利用者の肩書き + + + + + + + + uid + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:0.9.2342.19200300.100.1.1 + urn:mace:dir:attribute-def:uid + User ID + Benutzer-ID + ID utilisateur + ID dell'utente + ユーザID + A unique identifier for a person, mainly used for user identification within the user's home organization. + Eine eindeutige Nummer für eine Person, welche hauptsächlich zur Identifikation innerhalb der Organisation benutzt wird. + Identifiant de connexion d'une personnes sur les systèmes informatiques. 
+ Identificativo unico della persona, usato per l'identificazione dell'utente all'interno della organizzazione di appartenenza. + 所属機関内で一意の利用者識別子 + + + + + + + + + diff --git a/conf/attributes/samlSubject.xml b/conf/attributes/samlSubject.xml new file mode 100644 index 0000000..dac9a59 --- /dev/null +++ b/conf/attributes/samlSubject.xml @@ -0,0 +1,67 @@ + + + + + + + + + + + + + samlSubjectID + SAML2ScopedStringTranscoder + urn:oasis:names:tc:SAML:attribute:subject-id + Unique ID + Eindeutige ID + ID unique + ID unico + サブジェクトID + A unique identifier for a person, mainly for inter-institutional user identification. + Eindeutige Benutzeridentifikation + Eindeutige Benützeridentifikation + Identifiant unique de l'utilisateur + Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione + フェデレーション内で一意で永続的かつ難読化された利用者識別子(eduPersonUniqueIdの後継) + + + + + + + + samlPairwiseID + SAML2ScopedStringTranscoder + urn:oasis:names:tc:SAML:attribute:pairwise-id + Pairwise ID + Pairwise ID + Pairwise ID + Pairwise ID + ペアワイズID + Pairwise ID: A unique identifier for a person, different for each service provider. + Pairwise ID: Eindeutige Benutzeridentifikation, unterschiedlich pro Service Provider. + Pairwise ID: Eindeutige Benützeridentifikation, unterschiedlich pro Service Provider. + Pairwise ID: Un identifiant unique de l'utilisateur, différent pour chaque fournisseur de service. + Pairwise ID: identificativo unico della persona, differente per ogni fornitore di servizio. + フェデレーション内で一意かつSP毎に送出される値が異なる利用者識別子(eduPersonTargetedIDの後継) + + + + + + + + + diff --git a/conf/audit.xml b/conf/audit.xml index 7245127..a9faf4c 100644 --- a/conf/audit.xml +++ b/conf/audit.xml @@ -14,7 +14,7 @@ This bean defines a mapping between audit log categories and formatting strings. --> - + @@ -40,6 +40,12 @@ + + + + + + diff --git a/conf/intercept/consent-intercept-config.xml b/conf/intercept/consent-intercept-config.xml index 66f06a0..6e899e6 100644 
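Review bot: The English displayDescription for samlSubjectID in the new conf/attributes/samlSubject.xml (`A unique identifier for a person, mainly for inter-institutional user identification.`) says less than the Japanese entry beside it, which also states that the value is persistent and opaque and names eduPersonUniqueId as its predecessor; this text is what a consent page shows, so the translations should agree. Suggest `A unique, persistent, opaque identifier for a person, mainly for inter-institutional user identification.` for the English entry. Both rules are wired only to SAML2ScopedStringTranscoder, which fits attributes defined by a SAML 2.0 profile with no SAML 1 form; a one-line comment saying so would stop someone adding a SAML1 transcoder by analogy with the inetOrgPerson rules above. The file's markup and comments are not readable in this rendering, so disregard this if such a comment already exists.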
--- a/conf/intercept/consent-intercept-config.xml +++ b/conf/intercept/consent-intercept-config.xml @@ -54,9 +54,7 @@ - transientId - persistentId - eduPersonTargetedID + samlPairwiseID @@ -85,7 +85,7 @@ VelocityStatusMatcher - ResourceManager : unable to find resource 'status.vm' in any resource loader. + ResourceManager\s*: unable to find resource 'status\.vm' in any resource loader\. VelocityStatusMatcher.matches(formattedMessage) @@ -109,7 +109,7 @@ UTF-8 - %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short} + %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full} @@ -117,7 +117,7 @@ VelocityStatusMatcher - ResourceManager : unable to find resource 'status.vm' in any resource loader. + ResourceManager\s*: unable to find resource 'status\.vm' in any resource loader\. VelocityStatusMatcher.matches(formattedMessage) diff --git a/conf/logback.xml.dist b/conf/logback.xml.dist index ac19b1f..2b76770 100644 --- a/conf/logback.xml.dist +++ b/conf/logback.xml.dist @@ -81,7 +81,7 @@ UTF-8 - %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full} + %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short} @@ -89,7 +89,7 @@ VelocityStatusMatcher - ResourceManager : unable to find resource 'status.vm' in any resource loader. + ResourceManager\s*: unable to find resource 'status\.vm' in any resource loader\. VelocityStatusMatcher.matches(formattedMessage) @@ -117,7 +117,7 @@ UTF-8 - %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short} + %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full} @@ -125,7 +125,7 @@ VelocityStatusMatcher - ResourceManager : unable to find resource 'status.vm' in any resource loader. + ResourceManager\s*: unable to find resource 'status\.vm' in any resource loader\. VelocityStatusMatcher.matches(formattedMessage) 
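Review bot: samlSubjectID, defined in the new samlSubject.xml next to samlPairwiseID, is not added to the list in the consent-intercept-config.xml hunk, which now holds samlPairwiseID in place of transientId, persistentId and eduPersonTargetedID. The list's bean id is not readable here, but if this is the set of attributes excluded from the consent display, samlSubjectID will now be presented to users while the pairwise value is not. That is defensible, since subject-id is a single cross-SP identifier a user can recognise, but the asymmetry is easy to misread as an omission. If it is intended, record it next to the list with a comment such as `<!-- samlPairwiseID is excluded as an opaque per-SP value; samlSubjectID stays subject to consent. -->`.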
diff --git a/conf/logback.xml.tmp3 b/conf/logback.xml.tmp3 deleted file mode 100644 index 4eebeaa..0000000 --- a/conf/logback.xml.tmp3 +++ /dev/null @@ -1,191 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - /tmp/logidp-process - - - ${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory} - - - - UTF-8 - %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full} - - - - - - - VelocityStatusMatcher - ResourceManager : unable to find resource 'status.vm' in any resource loader. - - VelocityStatusMatcher.matches(formattedMessage) - - DENY - - - - - - 0 - - - - - - WARN - - - /tmp/logidp-warn - - - ${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory} - - - - UTF-8 - %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short} - - - - - - - VelocityStatusMatcher - ResourceManager : unable to find resource 'status.vm' in any resource loader. - - VelocityStatusMatcher.matches(formattedMessage) - - DENY - - - - - - /tmp/logidp-audit - - - ${idp.logfiles}/idp-audit-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory} - - - - UTF-8 - %msg%n - - - - - - ${idp.logfiles}/idp-consent-audit.log - - - ${idp.logfiles}/idp-consent-audit-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory} - - - - UTF-8 - %msg%n - - - - - - ${idp.fticks.loghost:-localhost} - ${idp.fticks.logport:-514} - AUTH - [%thread] %logger %msg - - - - - - - - - - - - - - - - - - - - diff --git a/conf/metadata-providers.xml b/conf/metadata-providers.xml index 0667e71..fc81612 100644 --- a/conf/metadata-providers.xml +++ b/conf/metadata-providers.xml @@ -20,19 +20,19 @@ http://www.w3.org/2001/04/xmlenc# http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd"> - - - - - - - - - - - - - + + + + - - + 
@@ -63,6 +27,10 @@ %{idp.home}/conf/attribute-resolver.xml + %{idp.home}/conf/attribute-registry.xml %{idp.home}/system/conf/attribute-registry-system.xml