Page History

After requesting the attribute filter:

• Add the following entry into <srv:Service id="shibboleth.AttributeFilterEngine" in $IDP_HOME/conf/service.xml(note that the URL varies for each IdP and has to be obtained from the federation administrators):

  Code Block
  xml xml
  <srv:ConfigurationResource xsi:type="resource:FileBackedHttpResource" url="https://directory.tuakiri.ac.nz/attribute-filter/<institution-domain>.xml" file="/opt/shibboleth-idp/conf/tuakiri-attribute-filter.xml" />

  
  

  Note
  Note: if your $IDP_HOME is different from /opt/shibboleth-idp, change the file path in the above snippet accordingly.

  
  

  Note
  If configuring this in Shibboleth IdP 2.1.x, do not use the srv: namespace prefix - i.e., use just: Code Block xml xml <ConfigurationResource xsi:type="resource:FileBackedHttpResource" url="https://directory.tuakiri.ac.nz/attribute-filter/<institution-domain>.xml" file="/opt/shibboleth-idp/conf/tuakiri-attribute-filter.xml" />

  
  

• We also strongly recommend you configure your IdP to periodically reload this file - we recommend at 2 hour intervals. This is documented in detail in the IdP Install Manual: Reloading configuration section and Load AAF Atribute Attribute Filter sections. The simple step is to add the configurationResourcePollingFrequency="PT2H0M0.000S" and configurationResourcePollingRetryAttempts="10" attributes to the <srv:Service id="shibboleth.AttributeFilterEngine"element. If you already have these attributes set for reloading the local configuration file - with a shorter interval, please adjust them accordingly to 2 hours for the remotely loaded attribute filter:

  No Format
  <srv:Service id="shibboleth.AttributeFilterEngine" + configurationResourcePollingFrequency="PT2H0M0.000S" configurationResourcePollingRetryAttempts="10" xsi:type="attribute-afp:ShibbolethAttributeFilteringEngine">