Hi Dave,
> Do you mean having this bit (from our IdP entry in the metadata)?
> <Organization>
> <OrganizationName xml:lang="en">Hull College</OrganizationName>
> <OrganizationDisplayName xml:lang="en">Hull College Group</OrganizationDisplayName>
> <OrganizationURL xml:lang="en">http://www.hull-college.ac.uk/</OrganizationURL>
> </Organization>
That's the display name that's picked up by the federation's CDS or by
an EDS with the legacy mode switched on, but the MDUI stanza I meant is
one like:
<mdui:UIInfo>
<mdui:DisplayName xml:lang="en">Rummidge University</mdui:DisplayName>
<mdui:Description xml:lang="en">This is an IdP for the University of
Rummidge.</mdui:Description>
<mdui:Logo height="80"
width="80">https://assets.rummidge.ac.uk/images/heads_80x80.jpg</mdui:Logo>
<mdui:Logo height="43"
width="100">https://assets.rummidge.ac.uk/images/heads_100x43.jpg</mdui:Logo>
<mdui:Logo height="104"
width="240">https://assets.rummidge.ac.uk/images/heads_240x104.jpg</mdui:Logo>
</mdui:UIInfo>
Cheers
Steve
> _________________________________________________
> Dave Perry
> eLearning Technologist, Hull College Group
>
> Room L34 - Queens Gardens Library
> Wilberforce Drive, Queen's Gardens, Hull, HU1 3DG
> Extension 2230 / Direct Dial 01482 381930
>
> * Need a fast reply? Try [log in to unmask] *
>
>
> -----Original Message-----
> From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Steve Glover
> Sent: 02 June 2016 11:01
> To: [log in to unmask]
> Subject: Re: Edit Institution Selection Options in Embedded Discovery Service
>
> Hi Angus,
>
>> I am using the UK Federation configuration given at
>> http://www.ukfederation.org.uk/content/Documents/Setup2SP along with
>> the embedded discovery service. There is a huge list of possible IDPs
>> to use and I would like to shorten the list so that it is similar to
>> the one offered by the UK federation WAYF service. Is there a way to
>> achieve this?
>
> Indeed there is.
>
> The MetadataProvider stanza in your shibboleth2.xml probably looks something like this:
>
> <MetadataProvider type="XML"
> uri="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"
> backingFilePath="/etc/shibboleth/ukfederation-metadata.xml"
> reloadInterval="14400">
>
> <MetadataFilter type="RequireValidUntil" maxValidityInterval="2592000"/>
>
> <SignatureMetadataFilter certificate="ukfederation.pem"/>
>
> </MetadataProvider>
>
> There are two changes you can make here that will improve usability of your EDS.
>
> The first is to add a filter so that you can chuck away the pre-production or experimental IdPs whose operators have asked us to mark them with the "hide-from-discovery" tag
>
> <DiscoveryFilter type="Blacklist" matcher="EntityAttributes"
> attributeName="http://macedir.org/entity-category"
> attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
> attributeValue="http://refeds.org/category/hide-from-discovery"
> trimTags="true" />
>
> (This facility was added in Shibboleth SP 2.5)
>
> We've updated the Setup2SP page at
>
> http://www.ukfederation.org.uk/content/Documents/Setup2SP
>
> to include this, and there is further information at
>
> https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMetadataProvider#NativeSPMetadataProvider-DiscoveryFilter
>
> (actually, if you follow the "EntityMatcher" link to
>
> https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPEntityMatcher
>
> there's some detail on how to filter on other attributes)
>
> As to the second change, you've probably noticed that some IdPs show up by entityID rather than by display name - this is because the default behaviour of the EDS is to pick up the display name from the MDUI extensions - and not all IdP operators have added these. So there's a tag to let you pick up the OrganizationDisplayName
>
> legacyOrgNames="true"
>
> (If any operators of IdPs in the UK federation are reading this, please consider asking us to add MDUI info to your metadata
>
> http://www.ukfederation.org.uk/content/Documents/MDUIRecommendations
>
> as it makes your IdP that little bit easier to find)
>
> Anyway, putting both these changes into MetadataProvider stanza gives you this:
>
> <MetadataProvider type="XML"
>
> uri="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"
> legacyOrgNames="true"
> backingFilePath="/etc/shibboleth/ukfederation-metadata.xml"
> reloadInterval="14400">
>
> <MetadataFilter type="RequireValidUntil" maxValidityInterval="2592000"/>
>
> <DiscoveryFilter type="Blacklist" matcher="EntityAttributes"
> attributeName="http://macedir.org/entity-category"
> attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
> attributeValue="http://refeds.org/category/hide-from-discovery"
> trimTags="true" />
>
> <SignatureMetadataFilter certificate="ukfederation.pem"/>
>
> </MetadataProvider>
>
> and on restarting your SP, all those extra IdPs will be gone from your EDS.
>
> Hoping that this is useful.
>
> Steve Glover, UK federation support
>
>> Thank you,
>>
>> Angus Maidment
>>
>> Scientific Computing Department R18 G46
>>
>> Science and Technology Facilities Council
>>
>> Rutherford Appleton Laboratory
>>
>> Harwell Science and Innovation Campus
>>
>> OX11 0QX
>>
>> Tel: (01235) 77 8337
>>
>
> --
> The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
>
> **********************************************************************
> This message is sent in confidence for the addressee
> only. It may contain confidential or sensitive
> information. The contents are not to be disclosed
> to anyone other than the addressee. Unauthorised
> recipients are requested to preserve this
> confidentiality and to advise us of any errors in
> transmission. Any views expressed in this message
> are solely the views of the individual and do not
> represent the views of the College. Nothing in this
> message should be construed as creating a contract.
>
> Hull College Group owns the email infrastructure, including the contents.
>
> Hull College Group is committed to sustainability, please reflect before printing this email.
> **********************************************************************
>
> TEXT
>
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
|