...
The entitlement is the IdP's way of notifying Confusa that the given user is entitled to certain actions. It is not a required attribute for users other than administrators, which in practice means the IdP can easily remove an administrator. However, we do not want the IdPs to add new administrators at will, so this attribute is a necessary but not sufficient condition for getting administrator privileges.
If not set, the user cannot be an administrator. The attribute is freely configurable at the NREN level. We have disabled it at the subscriber level to avoid having subscriber admins lock themselves and their whole institution out of the portal. However, we recommend using the eduPersonEntitlement attribute.
TCS-[eScience|Personal]-Portal

The central TCS eScience portal currently uses the following entitlement attributes:
...
| | ePPN | ePODN | mail | Full Name | entitlement | enforced |
|---|---|---|---|---|---|---|
| Log in | required | optional | optional | optional | optional | yes |
| Admin | required | required | optional | optional | required | yes |
| Create certificate | required | required | required | required | required | yes |
| Revoke certificate (user) | required | optional | optional | optional | optional | yes |
| E-Mail certificate | required | optional | required | optional | optional | yes |
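The requirement table and the "necessary but not sufficient" rule for administrators can be expressed as a check over the attributes an IdP asserts. This is an added example, not Confusa's own code. The attribute keys, the entitlement value, and the `portal_admins` set (a portal-side list of administrator ePPNs) are assumptions made for illustration.

```python
# Added illustration; not Confusa's code. Keys and values are constructed.
REQUIRED = {
    "login":              {"eppn"},
    "admin":              {"eppn", "epodn", "entitlement"},
    "create_certificate": {"eppn", "epodn", "mail", "full_name", "entitlement"},
    "revoke_certificate": {"eppn"},
    "email_certificate":  {"eppn", "mail"},
}

# Constructed sample assertion from an IdP (no mail, no full name).
SAMPLE = {"eppn": "alice@example.org", "epodn": "dc=example,dc=org",
          "entitlement": ["urn:example:other", "urn:example:tcs-admin"]}


def _values(attrs, key):
    """Normalise an IdP attribute to a list of non-empty, stripped strings."""
    raw = attrs.get(key)
    if raw is None:
        return []
    if isinstance(raw, str):
        raw = [raw]
    return [v.strip() for v in raw if isinstance(v, str) and v.strip()]


def missing_attributes(operation, attrs, entitlement_value):
    """Return the sorted required attributes whose absence blocks `operation`."""
    missing = []
    for key in sorted(REQUIRED[operation]):
        values = _values(attrs, key)
        if key == "entitlement":
            # Assumption: the configured value itself must be asserted;
            # an unrelated entitlement does not count.
            ok = entitlement_value in values
        else:
            ok = bool(values)
        if not ok:
            missing.append(key)
    return missing


def is_admin(attrs, entitlement_value, portal_admins):
    """Entitlement is necessary but not sufficient: the ePPN must also be
    registered as an administrator on the portal side (assumed list)."""
    if missing_attributes("admin", attrs, entitlement_value):
        return False
    return _values(attrs, "eppn")[0] in portal_admins
```

An IdP that stops asserting the entitlement removes the administrator immediately, while asserting it for a new user grants nothing until the portal side also lists that ePPN.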
The 3 different Attribute Mapping cases
...