...

 aarc-whiteaarc-yellowaarc-blue
white-normaluser  
white-superadmin  
yellow-normal user 
yellow-super admin 
blue-normal  user
blue-super  admin

 

Example Here an example of the SAML assertion containing attributes attribute provided by COmanage :and that we are using for mapping the user:

'entitlement': 'urn:mace:aarc-project.eu:am03.pilots.aarc-project.eu:members:member@aarc-white.pilots.aarc-project.eu;urn:mace:aarc-project.eu:am03.pilots.aarc-project.eu:admin:member@aarc-white2016-06-16 16:20:08.080078 2016-06-16 16:20:08.076 26843 DEBUG keystone.contrib.federation.utils [req-39a2356c-d6a7-4f99-a078-958a1c9c6393 - - - - -] assertion data: {'AUTH_TYPE': 'shibboleth', 'routes.route': <routes.route.Route object at 0x7fef65608d50>, 'wsgi.multiprocess': True, 'uid': 'jweeler', 'HTTP_REFERER': 'https://am-proxy.pilots.aarc-project.eu/ssp/module.php/consent/getconsent.php?StateId=_88fbb94db350f071178f7c276a56927582b22e20af%3Ahttps%3A%2F%2Fam-proxy.pilots.aarc-project.eu%2Fssp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttps%253A%252F%252Fam02.pilots.aarc-project.eu%252Fshibboleth%26cookieTime%3D1466086779%26RelayState%3Dss%253Amem%253A70ad8c79ffbba127459298442cfcee49ac24a2c252372cf6a225f5c322f89b72&yes=', 'eppn': 'jweeler@university-example.org', 'isMemberOf': 'urn:collab:org:aarc-project.eu', 'persistent-id': 'https://am-proxy.pilots.aarc-project.eu/ssp/saml2/idp/metadata.php!https://am02.pilots.aarc-project.eu/shibboleth!06753f07506abbcc9dea6e26324ed17bdf5b760c', 'CONTEXT_DOCUMENT_ROOT': '/var/www', 'SERVER_SOFTWARE': 'Apache/2.4.7 (Ubuntu)', 'SCRIPT_NAME': '/v3', 'mod_wsgi.enable_sendfile': '0', 'webob.adhoc_attrs': {'environ': None, 'response': <Response at 0x7fef655e7050 200 OK>}, 'mod_wsgi.handler_script': '', 'SERVER_SIGNATURE': '<address>Apache/2.4.7 (Ubuntu) Server at am02.pilots.aarc-project.eu Port 5000</address>\\n', 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/auth/OS-FEDERATION/websso/saml2', 'SERVER_PROTOCOL': 'HTTP/1.1', 'QUERY_STRING': 'origin=https://am02.pilots.aarc-project.eu/horizon/auth/websso/', 'HTTP_ACCEPT_LANGUAGE': 'it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3', 'SSL_TLS_SNI': 'am02.pilots.aarc-project.eu', 'cn': 'Joseph Weeler', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0', 
'HTTP_CONNECTION': 'keep-alive', 'HTTP_COOKIE': 'csrftoken=bthUddahYbORr7G383yHMFYK4aMrcyXD; _shibsession_64656661756c7468747470733a2f2f616d30322e70696c6f74732e616172632d70726f6a6563742e65752f73686962626f6c657468=_b39c5971bda7588ae30f0a3cc7bcba16', 'entitlement': 'urn:mace:aarc-project.eu:am03.pilots.aarc-project.eu:members:member@aarc-white.pilots.aarc-project.eu;urn:mace:aarc-project.eu:am03.pilots.aarc-project.eu:admin:member@aarc-white.pilots.aarc-project.eu', 'REMOTE_ADDR': '145.100.117.140', 'givenName': 'Joseph', 'mod_wsgi.queue_start': '1466086807956504', 'Shib-AuthnContext-Class': 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'mod_wsgi.request_handler': 'wsgi-script', 'wsgi.url_scheme': 'https', 'Shib-Authentication-Method': 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'wsgiorg.routing_args': (<routes.util.URLGenerator object at 0x7fef6418ecd0>, {'protocol_id': u'saml2'}), 'PATH_TRANSLATED': '/usr/bin/keystone-wsgi-public/v3/auth/OS-FEDERATION/websso/saml2', 'SERVER_PORT': '5000', 'displayName': 'Joseph Weeler', 'mail': 'Joseph+Weeler@university-example.org', 'mod_wsgi.version': (3, 4), 'unscoped-affiliation': 'member;employee;staff', 'SERVER_ADDR': '83.212.112.188', 'DOCUMENT_ROOT': '/var/www', 'mod_wsgi.process_group': 'keystone-public', 'webob._parsed_query_vars': (GET([(u'origin', u'https://am02.pilots.aarc-project.eu/horizon/auth/websso/')]), 'origin=https://am02.pilots.aarc-project.eu/horizon/auth/websso/'), 'Shib-Authentication-Instant': '2016-06-16T14:20:06Z', 'schacHomeOrganization': 'university-example.org', 'mod_wsgi.application_group': '', 'SCRIPT_FILENAME': '/usr/bin/keystone-wsgi-public', 'SERVER_ADMIN': '[no address given]', 'REMOTE_PORT': '52988', 'wsgi.input': <mod_wsgi.Input object at 0x7fef655c3db0>, 'REMOTE_USER': '', 'HTTP_HOST': 'am02.pilots.aarc-project.eu:5000', 'CONTEXT_PREFIX': '', 'wsgi.multithread': True, 'mod_wsgi.callable_object': 'application', 'routes.url': <routes.util.URLGenerator object at 0x7fef6418ecd0>, 
'Shib-Session-Index': '_f7a49716b8e168ffa3ade9606db20fffbb6110ad9b', 'REQUEST_URI': '/v3/auth/OS-FEDERATION/websso/saml2?origin=https://am02.pilots.aarc-project.eu/horizon/auth/websso/', 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'openstack.request_id': 'req-39a2356c-d6a7-4f99-a078-958a1c9c6393', 'wsgi.version': (1, 0), 'openstack.context': {'headers': {'Accept-Language': 'it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Host': 'am02.pilots.aarc-project.eu:5000', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0', 'Connection': 'keep-alive', 'Cookie': 'csrftoken=bthUddahYbORr7G383yHMFYK4aMrcyXD; _shibsession_64656661756c7468747470733a2f2f616d30322e70696c6f74732e616172632d70726f6a6563742e65752f73686962626f6c657468=_b39c5971bda7588ae30f0a3cc7bcba16', 'Referer': 'https://am-proxy.pilots.aarc-project.eu/ssp/module.php/consent/getconsent.php?StateId=_88fbb94db350f071178f7c276a56927582b22e20af%3Ahttps%3A%2F%2Fam-proxy.pilots.aarc-project.eu%2Fssp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttps%253A%252F%252Fam02.pilots.aarc-project.eu%252Fshibboleth%26cookieTime%3D1466086779%26RelayState%3Dss%253Amem%253A70ad8c79ffbba127459298442cfcee49ac24a2c252372cf6a225f5c322f89b72&yes='}, 'accept_header': <MIMEAccept('text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8')>, 'environment': {'AUTH_TYPE': 'shibboleth', 'wsgi.version': (1, 0), 'mod_wsgi.listener_port': '5000', 'uid': 'jweeler', 'HTTP_REFERER': 
'https://am-proxy.pilots.aarc-project.eu/ssp/module.php/consent/getconsent.php?StateId=_88fbb94db350f071178f7c276a56927582b22e20af%3Ahttps%3A%2F%2Fam-proxy.pilots.aarc-project.eu%2Fssp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttps%253A%252F%252Fam02.pilots.aarc-project.eu%252Fshibboleth%26cookieTime%3D1466086779%26RelayState%3Dss%253Amem%253A70ad8c79ffbba127459298442cfcee49ac24a2c252372cf6a225f5c322f89b72&yes=', 'mod_wsgi.listener_host': '', 'persistent-id': 'https://am-proxy.pilots.aarc-project.eu/ssp/saml2/idp/metadata.php!https://am02.pilots.aarc-project.eu/shibboleth!06753f07506abbcc9dea6e26324ed17bdf5b760c', 'CONTEXT_DOCUMENT_ROOT': '/var/www', 'SERVER_SOFTWARE': 'Apache/2.4.7 (Ubuntu)', 'SCRIPT_NAME': '/v3', 'REQUEST_SCHEME': 'https', 'webob.adhoc_attrs': {'environ': None, 'response': <Response at 0x7fef655e7050 200 OK>}, 'mod_wsgi.handler_script': '', 'SERVER_SIGNATURE': '<address>Apache/2.4.7 (Ubuntu) Server at am02.pilots.aarc-project.eu Port 5000</address>\\n', 'REQUEST_METHOD': 'GET', 'Shib-Authentication-Method': 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'SERVER_PROTOCOL': 'HTTP/1.1', 'QUERY_STRING': 'origin=https://am02.pilots.aarc-project.eu/horizon/auth/websso/', 'SSL_TLS_SNI': 'am02.pilots.aarc-project.eu', 'cn': 'Joseph Weeler', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0', 'HTTP_CONNECTION': 'keep-alive', 'HTTP_COOKIE': 'csrftoken=bthUddahYbORr7G383yHMFYK4aMrcyXD; _shibsession_64656661756c7468747470733a2f2f616d30322e70696c6f74732e616172632d70726f6a6563742e65752f73686962626f6c657468=_b39c5971bda7588ae30f0a3cc7bcba16', 'entitlement': 'urn:mace:aarc-project.eu:am03.pilots.aarc-project.eu:members:member@aarc-white.pilots.aarc-project.eu;urn:mace:aarc-project.eu:am03.pilots.aarc-project.eu:admin:member@aarc-white.pilots.aarc-project.eu', 'REMOTE_ADDR': '145.100.117.140', 'mod_wsgi.queue_start': '1466086807956504', 'Shib-AuthnContext-Class': 
'urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'mod_wsgi.request_handler': 'wsgi-script', 'wsgi.url_scheme': 'https', 'isMemberOf': 'urn:collab:org:aarc-project.eu', 'wsgiorg.routing_args': (<routes.util.URLGenerator object at 0x7fef6418ecd0>, {'protocol_id': u'saml2'}), 'PATH_TRANSLATED': '/usr/bin/keystone-wsgi-public/v3/auth/OS-FEDERATION/websso/saml2', 'SERVER_PORT': '5000', 'mail': 'Joseph+Weeler@university-example.org', 'openstack.context': {...}, 'wsgi.multiprocess': True, 'unscoped-affiliation': 'member;employee;staff', 'SERVER_ADDR': '83.212.112.188', 'DOCUMENT_ROOT': '/var/www', 'mod_wsgi.process_group': 'keystone-public', 'webob._parsed_query_vars': (GET([(u'origin', u'https://am02.pilots.aarc-project.eu/horizon/auth/websso/')]), 'origin=https://am02.pilots.aarc-project.eu/horizon/auth/websso/'), 'routes.route': <r