Hi Dave,
Sorry! I could have chosen a better example - the logo sizes in the
earlier example don't really fit with the purposes the images are used for:
* One of width 80 pixels and height 60 pixels (approximately), with a
transparent background. This is used by the Shibboleth EDS and the UK
federation CDS for preferred and previously selected IdPs.
* A 16 by 16 pixels 'icon'. This is used by the Shibboleth EDS.
giving something like:
<mdui:Logo height="60"
width="86">https://www.watermouth.ac.uk/idp/images/rec-detail.png</mdui:Logo>
<mdui:Logo height="16"
width="16">https://www.watermouth.ac.uk/idp/images/recon.png</mdui:Logo>
Cheers
Steve
On 02/06/16 12:20, Steve Glover wrote:
> Hi Dave,
>
>> Do you mean having this bit (from our IdP entry in the metadata)?
>
>> <Organization>
>> <OrganizationName xml:lang="en">Hull College</OrganizationName>
>> <OrganizationDisplayName xml:lang="en">Hull College Group</OrganizationDisplayName>
>> <OrganizationURL xml:lang="en">http://www.hull-college.ac.uk/</OrganizationURL>
>> </Organization>
>
> That's the display name that's picked up by the federation's CDS or by
> an EDS with the legacy mode switched on, but the MDUI stanza I meant is
> one like:
>
> <mdui:UIInfo>
> <mdui:DisplayName xml:lang="en">Rummidge University</mdui:DisplayName>
> <mdui:Description xml:lang="en">This is an IdP for the University of
> Rummidge.</mdui:Description>
> <mdui:Logo height="80"
> width="80">https://assets.rummidge.ac.uk/images/heads_80x80.jpg</mdui:Logo>
> <mdui:Logo height="43"
> width="100">https://assets.rummidge.ac.uk/images/heads_100x43.jpg</mdui:Logo>
> <mdui:Logo height="104"
> width="240">https://assets.rummidge.ac.uk/images/heads_240x104.jpg</mdui:Logo>
> </mdui:UIInfo>
>
> Cheers
>
> Steve
>
>> _________________________________________________
>> Dave Perry
>> eLearning Technologist, Hull College Group
>>
>> Room L34 - Queens Gardens Library
>> Wilberforce Drive, Queen's Gardens, Hull, HU1 3DG
>> Extension 2230 / Direct Dial 01482 381930
>>
>> * Need a fast reply? Try [log in to unmask] *
>>
>>
>> -----Original Message-----
>> From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Steve Glover
>> Sent: 02 June 2016 11:01
>> To: [log in to unmask]
>> Subject: Re: Edit Institution Selection Options in Embedded Discovery Service
>>
>> Hi Angus,
>>
>>> I am using the UK Federation configuration given at
>>> http://www.ukfederation.org.uk/content/Documents/Setup2SP along with
>>> the embedded discovery service. There is a huge list of possible IDPs
>>> to use and I would like to shorten the list so that it is similar to
>>> the one offered by the UK federation WAYF service. Is there a way to
>>> achieve this?
>>
>> Indeed there is.
>>
>> The MetadataProvider stanza in your shibboleth2.xml probably looks something like this:
>>
>> <MetadataProvider type="XML"
>> uri="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"
>> backingFilePath="/etc/shibboleth/ukfederation-metadata.xml"
>> reloadInterval="14400">
>>
>> <MetadataFilter type="RequireValidUntil" maxValidityInterval="2592000"/>
>>
>> <SignatureMetadataFilter certificate="ukfederation.pem"/>
>>
>> </MetadataProvider>
>>
>> There are two changes you can make here that will improve usability of your EDS.
>>
>> The first is to add a filter so that you can chuck away the pre-production or experimental IdPs whose operators have asked us to mark them with the "hide-from-discovery" tag
>>
>> <DiscoveryFilter type="Blacklist" matcher="EntityAttributes"
>> attributeName="http://macedir.org/entity-category"
>> attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
>> attributeValue="http://refeds.org/category/hide-from-discovery"
>> trimTags="true" />
>>
>> (This facility was added in Shibboleth SP 2.5)
>>
>> We've updated the Setup2SP page at
>>
>> http://www.ukfederation.org.uk/content/Documents/Setup2SP
>>
>> to include this, and there is further information at
>>
>> https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMetadataProvider#NativeSPMetadataProvider-DiscoveryFilter
>>
>> (actually, if you follow the "EntityMatcher" link to
>>
>> https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPEntityMatcher
>>
>> there's some detail on how to filter on other attributes)
>>
>> As to the second change, you've probably noticed that some IdPs show up by entityID rather than by display name - this is because the default behaviour of the EDS is to pick up the display name from the MDUI extensions - and not all IdP operators have added these. So there's a tag to let you pick up the OrganizationDisplayName
>>
>> legacyOrgNames="true"
>>
>> (If any operators of IdPs in the UK federation are reading this, please consider asking us to add MDUI info to your metadata
>>
>> http://www.ukfederation.org.uk/content/Documents/MDUIRecommendations
>>
>> as it makes your IdP that little bit easier to find)
>>
>> Anyway, putting both these changes into MetadataProvider stanza gives you this:
>>
>> <MetadataProvider type="XML"
>>
>> uri="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"
>> legacyOrgNames="true"
>> backingFilePath="/etc/shibboleth/ukfederation-metadata.xml"
>> reloadInterval="14400">
>>
>> <MetadataFilter type="RequireValidUntil" maxValidityInterval="2592000"/>
>>
>> <DiscoveryFilter type="Blacklist" matcher="EntityAttributes"
>> attributeName="http://macedir.org/entity-category"
>> attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
>> attributeValue="http://refeds.org/category/hide-from-discovery"
>> trimTags="true" />
>>
>> <SignatureMetadataFilter certificate="ukfederation.pem"/>
>>
>> </MetadataProvider>
>>
>> and on restarting your SP, all those extra IdPs will be gone from your EDS.
>>
>> Hoping that this is useful.
>>
>> Steve Glover, UK federation support
>>
>>> Thank you,
>>>
>>> Angus Maidment
>>>
>>> Scientific Computing Department R18 G46
>>>
>>> Science and Technology Facilities Council
>>>
>>> Rutherford Appleton Laboratory
>>>
>>> Harwell Science and Innovation Campus
>>>
>>> OX11 0QX
>>>
>>> Tel: (01235) 77 8337
>>>
>>
>> --
>> The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
>>
>> **********************************************************************
>> This message is sent in confidence for the addressee
>> only. It may contain confidential or sensitive
>> information. The contents are not to be disclosed
>> to anyone other than the addressee. Unauthorised
>> recipients are requested to preserve this
>> confidentiality and to advise us of any errors in
>> transmission. Any views expressed in this message
>> are solely the views of the individual and do not
>> represent the views of the College. Nothing in this
>> message should be construed as creating a contract.
>>
>> Hull College Group owns the email infrastructure, including the contents.
>>
>> Hull College Group is committed to sustainability, please reflect before printing this email.
>> **********************************************************************
>>
>> TEXT
>>
>
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
|