eShipGlobal
Introduction
This page explains how Yale's IdPs are configured for SP-initiated SSO with eShipGlobal. It was considered desirable to pass enough attributes to eShipGlobal to allow auto-provisioning of new accounts. This information is provided via a view, maintained by the functional team, that holds the information for all allowed users. eShipGlobal has only two instances of their application, so they configured their test instance to accept authentication responses from both Yale's Dev and Test IdPs, even though SP-initiated SSO on the test instance always uses our Test IdP.
Contacts
| Name | Title | Email |
|---|---|---|
| Karthik Nathan | Senior Applications Analyst | knathan@eShipGlobal.com |
Development
The above address uses the development IdP to authenticate to eShipGlobal. To test Dev you will have to use IdP initiated SSO (Unsolicited).
Test
https://yaletest.eshipglobal.com/secure
The above address will start SP-initiated SSO with Yale's Test IdP to eShipGlobal's test site.
Production
https://yale.eshipglobal.com/secure
The above address will start SP-initiated SSO with Yale's production IdP to eShipGlobal's production site.
Attributes
...
<!--
    esg_static: static failover connector for esg_view (referenced below via
    FailoverDataConnector). It supplies one value for every column the view
    query returns, so the esg.* attribute definitions still resolve when the
    database lookup fails.

    NOTE(review): the original note on this connector says it returns -1 when
    HOP is down so that users see a user-friendly message from eShipGlobal.
    The values shown here are empty; confirm against the deployed file which
    of the two eShipGlobal actually receives.
    NOTE(review): on failover ACCESS_LEVEL carries no grant. How eShipGlobal
    treats an empty or unexpected ACCESS value is not shown here; because the
    SP auto-provisions accounts from these attributes, confirm that it denies
    access in that case.
-->
<resolver:DataConnector id="esg_static"
                        xsi:type="dc:Static"
                        xmlns="urn:mace:shibboleth:2.0:resolver:dc">
    <Attribute id="FIRSTNAME"><Value></Value></Attribute>
    <Attribute id="LASTNAME"><Value></Value></Attribute>
    <Attribute id="ADDRESS1"><Value></Value></Attribute>
    <Attribute id="ADDRESS2"><Value></Value></Attribute>
    <Attribute id="CITY"><Value></Value></Attribute>
    <Attribute id="STATE"><Value></Value></Attribute>
    <Attribute id="ZIP"><Value></Value></Attribute>
    <Attribute id="COUNTRY"><Value></Value></Attribute>
    <Attribute id="PHONE"><Value></Value></Attribute>
    <Attribute id="EMAIL"><Value></Value></Attribute>
    <Attribute id="DEPTID"><Value></Value></Attribute>
    <Attribute id="DEPTNAME"><Value></Value></Attribute>
    <Attribute id="TRAINING"><Value></Value></Attribute>
    <Attribute id="ACCESS_LEVEL"><Value></Value></Attribute>
    <Attribute id="SPA180"><Value></Value></Attribute>
</resolver:DataConnector>

<!--
    esg_view: relational connector that reads the eShipGlobal data from the
    view yuapps.yuap_eship_saml_v in HOP, falling back to esg_static.

    The connection is container-managed (JNDI resource java:jdbc/esg_db), so
    no JDBC URL or credentials appear in this file. The database account
    behind that resource only needs SELECT on the view.

    Query shape: the inner select unions the rows of the view whose LOGONID
    equals the upper-cased principal name (tagged SRC 'view') with a single
    placeholder row from dual (tagged SRC 'not found', ACCESS_LEVEL 'N',
    SPA180 'None', every other column null). The outer filter keeps all
    'view' rows and keeps the placeholder only when rownum = 1.
    NOTE(review): presumably the intent is that the placeholder is returned
    only when the view has no row for the user, and that 'N' means no
    access. Both depend on Oracle row ordering and on eShipGlobal's handling
    of the value; confirm.

    NOTE(review): $requestContext.principalName is substituted into the SQL
    text between single quotes by the query template. Confirm that the login
    path only ever yields canonical NetID-style principal names, or that the
    connector escapes the value, so that the principal name can never change
    the structure of the statement.
-->
<resolver:DataConnector id="esg_view"
                        xsi:type="RelationalDatabase"
                        xmlns="urn:mace:shibboleth:2.0:resolver:dc">
    <resolver:FailoverDataConnector ref="esg_static" />
    <dc:ContainerManagedConnection resourceName="java:jdbc/esg_db" />
    <dc:QueryTemplate>
        <![CDATA[
            select FIRSTNAME
                 , LASTNAME
                 , ADDRESS1
                 , ADDRESS2
                 , CITY
                 , STATE
                 , ZIP
                 , COUNTRY
                 , PHONE
                 , EMAIL
                 , DEPTID
                 , DEPTNAME
                 , TRAINING
                 , ACCESS_LEVEL, SPA180
            from (select FIRSTNAME
                       , LASTNAME
                       , ADDRESS1
                       , ADDRESS2
                       , CITY
                       , STATE
                       , ZIP
                       , COUNTRY
                       , PHONE
                       , EMAIL
                       , DEPTID
                       , DEPTNAME
                       , TRAINING
                       , ACCESS_LEVEL
                       , SPA180, 'view' SRC
                  from yuapps.yuap_eship_saml_v
                  where LOGONID = upper('$requestContext.principalName')
                  union
                  select null FIRSTNAME
                       , null LASTNAME
                       , null ADDRESS1
                       , null ADDRESS2
                       , null CITY
                       , null STATE
                       , null ZIP
                       , null COUNTRY
                       , null PHONE
                       , null EMAIL
                       , null DEPTID
                       , null DEPTNAME
                       , null TRAINING
                       , 'N' ACCESS_LEVEL
                       , 'None' SPA180, 'not found' SRC
                  from dual)
            where (SRC = 'view') or ( SRC = 'not found' AND rownum = 1)
        ]]>
    </dc:QueryTemplate>
</resolver:DataConnector>
...
<!-- eShipGlobal attributes -->
<!-- ========================================== -->
<!--
    Each definition below is encoded as a SAML2String attribute whose name
    is the upper-case column name, with one exception: esg.access reads
    ACCESS_LEVEL but is released under the name ACCESS.
-->

<!-- LOGONID is the authenticated principal name itself; it does not depend on the view. -->
<resolver:AttributeDefinition xsi:type="PrincipalName"
                              xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              id="esg.logonId">
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="LOGONID" />
</resolver:AttributeDefinition>

<!-- The remaining definitions copy one column each from esg_view (or from its failover). -->
<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.firstName" sourceAttributeID="FIRSTNAME">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="FIRSTNAME" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.lastName" sourceAttributeID="LASTNAME">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="LASTNAME" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.address1" sourceAttributeID="ADDRESS1">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="ADDRESS1" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.address2" sourceAttributeID="ADDRESS2">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="ADDRESS2" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.city" sourceAttributeID="CITY">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="CITY" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.state" sourceAttributeID="STATE">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="STATE" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.zip" sourceAttributeID="ZIP">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="ZIP" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.country" sourceAttributeID="COUNTRY">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="COUNTRY" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.phone" sourceAttributeID="PHONE">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="PHONE" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.email" sourceAttributeID="EMAIL">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="EMAIL" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.deptId" sourceAttributeID="DEPTID">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="DEPTID" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.deptName" sourceAttributeID="DEPTNAME">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="DEPTNAME" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.training" sourceAttributeID="TRAINING">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="TRAINING" />
</resolver:AttributeDefinition>

<!-- Source column is ACCESS_LEVEL; the released SAML attribute name is ACCESS. -->
<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.access" sourceAttributeID="ACCESS_LEVEL">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="ACCESS" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="esg.spa180" sourceAttributeID="SPA180">
    <resolver:Dependency ref="esg_view" />
    <resolver:AttributeEncoder xsi:type="SAML2String"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="SPA180" />
</resolver:AttributeDefinition>
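...
<!--
    Filter policy for eShipGlobal.

    The policy applies only when the requesting SP's entity ID equals the
    value of the eShipGlobal.entityId property, and it releases every value
    (basic:ANY) of the sixteen esg.* attributes to that requester.

    The released set includes personal data (name, postal address, phone,
    e-mail), so the property must stay pinned to the exact eShipGlobal
    entity ID for each environment and must never be widened to a pattern.

    Every AttributeRule is closed with the same afp: prefix it was opened
    with, and PermitValueRule carries the afp: prefix throughout, so the
    fragment is well-formed XML.
-->
<afp:AttributeFilterPolicy id="releaseToeShipGlobal">
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="${eShipGlobal.entityId}" />

    <!-- Identifier of the authenticated user -->
    <afp:AttributeRule attributeID="esg.logonId">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>

    <!-- Name and contact details used for account provisioning -->
    <afp:AttributeRule attributeID="esg.firstName">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="esg.lastName">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="esg.address1">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="esg.address2">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="esg.city">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="esg.state">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="esg.zip">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="esg.country">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="esg.phone">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="esg.email">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>

    <!-- Department, training and access data from the eShipGlobal view -->
    <afp:AttributeRule attributeID="esg.deptId">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="esg.deptName">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="esg.training">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="esg.access">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="esg.spa180">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>
...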