Documentation of the IdP-extension to release the user's IP address

As part of the Libraries walk-in-user pilot-pilot the Shibboleth IdP needs to release the IP adress of the user as attributes.

Download of source code as maven project:

daasi-extensions-ua.tar.gz

The extensions "user agent" is a Shibboleth data connector that provides the IP address of the user as attributes in 3 formats: IP4, IP6 or as a number. The Shibboleth
IP authentication handler is required for this data connector to work.

To deploy the connector, copy the JAR file in edit-webapp/WEB-INF/lib, re-build idp and restart tomcat.

The attribute-resolver.xml must be configured properly as the example below:

<resolver:AttributeResolver
		...
		xmlns:daasidc="urn:de:daasi:shibboleth:idp3:resolver:dc"
		xsi:schemaLocation="...
							urn:de:daasi:shibboleth:idp3:resolver:dc classpath:/schema/shibboleth-attribute-resolver-daasi-dc.xsd">

	...

    <resolver:DataConnector id="userAgentIpAddressDataConnector" xsi:type="daasidc:UserAgentIpAddressDataConnector" xmlns="urn:de:daasi:shibboleth:idp3:resolver:dc"
        userAgentAddressIPV4AttributeName="userAgentAddressIPV4"
        userAgentAddressIPV4AsLongAttributeName="userAgentAddressIPV4AsLong"
        userAgentAddressIPV6AttributeName="userAgentAddressIPV6"
    />

	<!-- Example Attribute Definition -->
	<resolver:AttributeDefinition xsi:type="ad:Simple" id="userAgentAddressIPV4" sourceAttributeID="userAgentAddressIPV4">
        <resolver:Dependency ref="userAgentIpAddressDataConnector" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="http://daasi.de/userAgentAddressIPV4" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="http://daasi.de/userAgentAddressIPV4" friendlyName="userAgentAddressIPV4" />
    </resolver:AttributeDefinition>

    <resolver:AttributeDefinition xsi:type="ad:Simple" id="userAgentAddressIPV4AsLong" sourceAttributeID="userAgentAddressIPV4AsLong">
        <resolver:Dependency ref="userAgentIpAddressDataConnector" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="http://daasi.de/userAgentAddressIPV4AsLong" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="http://daasi.de/userAgentAddressIPV4AsLong" friendlyName="userAgentAddressIPV4AsLong" />
    </resolver:AttributeDefinition>

    <resolver:AttributeDefinition xsi:type="ad:Simple" id="userAgentAddressIPV6" sourceAttributeID="userAgentAddressIPV6">
        <resolver:Dependency ref="userAgentIpAddressDataConnector" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="http://daasi.de/userAgentAddressIPV6" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="http://daasi.de/userAgentAddressIPV6" friendlyName="userAgentAddressIPV6" />
    </resolver:AttributeDefinition>

</resolver:AttributeResolver>

Additionally, the attribute needs to be added to the appopriate attribute-filter.

Space shortcuts

Page tree

2 Comments

Peter Brand

David Hübner