This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
en:aai:assurance_sp [2022/05/03 16:39] – [Metadata] Wolfgang Pempe | en:aai:assurance_sp [2023/01/12 19:24] – [Apache Access Rules] Wolfgang Pempe |
---|
| |
==== Metadata ==== | ==== Metadata ==== |
* According to the [[en:aai:assurance#roadmap_for_the_changeover|roadmap]], there will no longer be metadata files separated by Degrees of Reliance as of May 20th, 2022. The [[en:metadata|metadata]] of all productive Identity Providers in DFN-AAI is available at https://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml. The examples under [[en:production|productive operations]] have already been mofified accordingly. Until the end of 2022, differentiation based on an [[en:entity_attributes#degrees_of_reliance_of_idps|Entity Attribute]] is still possible. Examples of a corresponding metadata filter can be found on the [[en:aai:mdq#filter_idps_from_dfn-aai_advanced|MDQ documentation]] and [[en:production#sp_example|Production Environment]] pages. | * According to the [[en:aai:assurance#roadmap_for_the_changeover|roadmap]], there will no longer be metadata files separated by Degrees of Reliance as of May 20th, 2022. The [[en:metadata|metadata]] of all productive Identity Providers in DFN-AAI is available at https://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml. The examples under [[en:production|productive operations]] have already been modified accordingly. Until the end of 2022, differentiation based on an Entity Attribute is still possible. Examples of a corresponding metadata filter can be found on the [[en:aai:mdq|MDQ documentation]] and [[en:production|Production Environment]] pages. |
* In order to signal that the Service Provider requires and processes assurance information transported via the [[de:common_attributes#a14|eduPersonAssurance]] attribute, the ''eduPersonAssurance'' attribute should be declared as ''isRequired=true'' in the metadata administration tool under Attributes Consuming Service. | * In order to signal that the Service Provider requires and processes assurance information transported via the [[de:common_attributes#a14|eduPersonAssurance]] attribute, the ''eduPersonAssurance'' attribute should be declared as ''isRequired=true'' in the metadata administration tool under Attributes Consuming Service. |
==== Apache Access Rules ==== | ==== Apache Access Rules ==== |
In this example, access to the resources protected by the SP is granted to persons whose digital identity meets the conditions for $PREFIX$/IAP/medium and $PREFIX$/ATP/ePA-1m. This corresponds very roughly to the [[en:degrees_of_reliance|Degree of Reliance 'Advanced']]. | In this example, access to the resources protected by the SP is granted to persons whose digital identity meets the conditions for $PREFIX$/IAP/medium and $PREFIX$/ATP/ePA-1m. |
| |
<file apache /etc/apache2/sites-enabled/sp.uni-beispiel.de.conf> | <file apache /etc/apache2/sites-enabled/sp.uni-beispiel.de.conf> |