>The fallback position (which we will be using ourselves if a more general
>approach is not available in time) is to select from the federation
>metadata the scopes of all IdP organisations of interest. The metadata
>contains both the verified name of the organisation (which can be
>compared with the lists Sean Dunne mentioned) and the scope. The SP
>then has to authorise based on eduPersonScopedAffiliation having one of
>the selected scopes (and member, staff, student etc. as required).
Fiona,
Ok. I can now use either of the following solutions. I now just need to
create the list based on the list provided by Sean Dunne and the verified
name of the organization. Both solutions work fine. The only thing which I
find strange is that the member scope does not include staff or student.
According to your ppt presentation
(www.jisc.ac.uk/uploaded_documents/SDSS%20-%20Fiona%20Culloch.ppt), the
member scope should include staff or student as well as a few others?
Solution 1:
require affiliation [log in to unmask]
require affiliation [log in to unmask]
Solution 2:
<?xml version="1.0" encoding="UTF-8"?>
<AccessControl xmlns="urn:mace:shibboleth:target:config:1.0">
  <OR>
    <Rule require="affiliation">[log in to unmask]</Rule>
    <Rule require="affiliation">[log in to unmask]</Rule>
    <Rule require="affiliation">[log in to unmask]</Rule>
  </OR>
</AccessControl>
Thierry.
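
The fallback approach discussed in this thread, as an added example that is not part of either message and not code from the Shibboleth project: pick the scopes of the wanted organisations out of federation metadata, then authorise on exact affiliation@scope matches. The function names and the sample metadata are constructed for illustration, and the metadata is assumed to have had its signature verified before parsing.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "shibmd": "urn:mace:shibboleth:metadata:1.0"}

# Constructed sample metadata (not real federation data).
SAMPLE_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                       xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">
  <md:EntityDescriptor entityID="https://idp.example-a.test/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0">
      <md:Extensions><shibmd:Scope regexp="false">example-a.test</shibmd:Scope></md:Extensions>
    </md:IDPSSODescriptor>
    <md:Organization><md:OrganizationName xml:lang="en">Example University A</md:OrganizationName></md:Organization>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example-b.test/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0">
      <md:Extensions><shibmd:Scope regexp="false">example-b.test</shibmd:Scope></md:Extensions>
    </md:IDPSSODescriptor>
    <md:Organization><md:OrganizationName xml:lang="en">Example College B</md:OrganizationName></md:Organization>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def scopes_for(metadata_xml, wanted_names):
    """Literal scopes of IdPs whose organisation name is in wanted_names."""
    wanted = {n.strip().casefold() for n in wanted_names}
    scopes = set()
    for entity in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        names = {e.text.strip().casefold()
                 for e in entity.findall("md:Organization/md:OrganizationName", NS) if e.text}
        if entity.find("md:IDPSSODescriptor", NS) is None or not names & wanted:
            continue  # not an IdP, or not an organisation of interest
        for s in entity.iterfind(".//shibmd:Scope", NS):
            # Regexp scopes are skipped rather than treated as literal strings.
            if s.text and s.get("regexp", "false") in ("false", "0"):
                scopes.add(s.text.strip().lower())
    return sorted(scopes)

def is_authorised(values, scopes, affiliations):
    """True if any eduPersonScopedAffiliation value has an allowed affiliation and an allowed scope."""
    for v in values:
        aff, sep, scope = v.partition("@")
        # Whole-string comparison: a scope that merely ends with an allowed one is rejected.
        if sep and aff.lower() in affiliations and scope.lower() in scopes:
            return True
    return False

def rules(scopes, affiliations):
    """Rule elements in the form used in Solution 2, one per affiliation@scope pair."""
    return ['<Rule require="affiliation">%s</Rule>' % escape("%s@%s" % (a, s))
            for s in scopes for a in affiliations]
```

Each affiliation to be accepted is listed explicitly, so no value is assumed to imply another.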