Steve
Do you mean having this bit (from our IdP entry in the metadata)?
<Organization>
<OrganizationName xml:lang="en">Hull College</OrganizationName>
<OrganizationDisplayName xml:lang="en">Hull College Group</OrganizationDisplayName>
<OrganizationURL xml:lang="en">http://www.hull-college.ac.uk/</OrganizationURL>
</Organization>
Thanks,
Dave
_________________________________________________
Dave Perry
eLearning Technologist, Hull College Group
Room L34 - Queens Gardens Library
Wilberforce Drive, Queen's Gardens, Hull, HU1 3DG
Extension 2230 / Direct Dial 01482 381930
* Need a fast reply? Try [log in to unmask] *
-----Original Message-----
From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Steve Glover
Sent: 02 June 2016 11:01
To: [log in to unmask]
Subject: Re: Edit Institution Selection Options in Embedded Discovery Service
Hi Angus,
> I am using the UK Federation configuration given at
> http://www.ukfederation.org.uk/content/Documents/Setup2SP along with
> the embedded discovery service. There is a huge list of possible IDPs
> to use and I would like to shorten the list so that it is similar to
> the one offered by the UK federation WAYF service. Is there a way to
> achieve this?
Indeed there is.
The MetadataProvider stanza in your shibboleth2.xml probably looks something like this:
<MetadataProvider type="XML"
uri="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"
backingFilePath="/etc/shibboleth/ukfederation-metadata.xml"
reloadInterval="14400">
<MetadataFilter type="RequireValidUntil" maxValidityInterval="2592000"/>
<SignatureMetadataFilter certificate="ukfederation.pem"/>
</MetadataProvider>
There are two changes you can make here that will improve usability of your EDS.
The first is to add a filter so that you can chuck away the pre-production or experimental IdPs whose operators have asked us to mark them with the "hide-from-discovery" tag
<DiscoveryFilter type="Blacklist" matcher="EntityAttributes"
attributeName="http://macedir.org/entity-category"
attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
attributeValue="http://refeds.org/category/hide-from-discovery"
trimTags="true" />
(This facility was added in Shibboleth SP 2.5)
We've updated the Setup2SP page at
http://www.ukfederation.org.uk/content/Documents/Setup2SP
to include this, and there is further information at
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMetadataProvider#NativeSPMetadataProvider-DiscoveryFilter
(actually, if you follow the "EntityMatcher" link to
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPEntityMatcher
there's some detail on how to filter on other attributes)
As to the second change, you've probably noticed that some IdPs show up by entityID rather than by display name - this is because the default behaviour of the EDS is to pick up the display name from the MDUI extensions - and not all IdP operators have added these. So there's a tag to let you pick up the OrganizationDisplayName
legacyOrgNames="true"
(If any operators of IdPs in the UK federation are reading this, please consider asking us to add MDUI info to your metadata
http://www.ukfederation.org.uk/content/Documents/MDUIRecommendations
as it makes your IdP that little bit easier to find)
Anyway, putting both these changes into MetadataProvider stanza gives you this:
<MetadataProvider type="XML"
uri="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"
legacyOrgNames="true"
backingFilePath="/etc/shibboleth/ukfederation-metadata.xml"
reloadInterval="14400">
<MetadataFilter type="RequireValidUntil" maxValidityInterval="2592000"/>
<DiscoveryFilter type="Blacklist" matcher="EntityAttributes"
attributeName="http://macedir.org/entity-category"
attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
attributeValue="http://refeds.org/category/hide-from-discovery"
trimTags="true" />
<SignatureMetadataFilter certificate="ukfederation.pem"/>
</MetadataProvider>
and on restarting your SP, all those extra IdPs will be gone from your EDS.
Hoping that this is useful.
Steve Glover, UK federation support
> Thank you,
>
> Angus Maidment
>
> Scientific Computing Department R18 G46
>
> Science and Technology Facilities Council
>
> Rutherford Appleton Laboratory
>
> Harwell Science and Innovation Campus
>
> OX11 0QX
>
> Tel: (01235) 77 8337
>
--
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
**********************************************************************
This message is sent in confidence for the addressee
only. It may contain confidential or sensitive
information. The contents are not to be disclosed
to anyone other than the addressee. Unauthorised
recipients are requested to preserve this
confidentiality and to advise us of any errors in
transmission. Any views expressed in this message
are solely the views of the individual and do not
represent the views of the College. Nothing in this
message should be construed as creating a contract.
Hull College Group owns the email infrastructure, including the contents.
Hull College Group is committed to sustainability, please reflect before printing this email.
**********************************************************************
TEXT
|