  1. Create the file /etc/freeradius/policy.d/moonshot (on RHEL platforms, /etc/raddb/policy.d/moonshot):

    # Policy called from post-auth: adds a SAML assertion to the reply for your realm
    moonshot_saml {
        if (Realm == '[your realm here]') {
            update reply {
                SAML-AAA-Assertion = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2011-03-19T08:30:00Z" ID="foo" Version="2.0">'
                SAML-AAA-Assertion += '<saml:Issuer>urn:mace:incommon:osu.edu</saml:Issuer>'
                SAML-AAA-Assertion += '<saml:AttributeStatement>'
                SAML-AAA-Assertion += '<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"><saml:AttributeValue>moonshot</saml:AttributeValue></saml:Attribute>'
                SAML-AAA-Assertion += '</saml:AttributeStatement>'
                SAML-AAA-Assertion += '</saml:Assertion>'
            }
        }
    }

    Example

    Camford University's SAML assertion would look like this:

    moonshot_saml { 
        if (Realm == 'camford.ac.uk') {
            update reply {
                SAML-AAA-Assertion = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2011-03-19T08:30:00Z" ID="foo" Version="2.0">'
                SAML-AAA-Assertion += '<saml:Issuer>urn:mace:incommon:osu.edu</saml:Issuer>'
                SAML-AAA-Assertion += '<saml:AttributeStatement>'
                SAML-AAA-Assertion += '<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"><saml:AttributeValue>moonshot</saml:AttributeValue></saml:Attribute>'
                SAML-AAA-Assertion += '</saml:AttributeStatement>'
                SAML-AAA-Assertion += '</saml:Assertion>'
            }
        }
    }
  2. In /etc/freeradius/sites-enabled/abfab-tr-idp, find the post-auth section. At the top, immediately below the "post-auth {" line, insert the following:

    post-auth {
            moonshot_saml
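
Because the assertion is assembled from separate string fragments, a typo in one line yields XML that no longer parses. The following is an added example, not code from the original page or the Moonshot project: it reassembles the fragments from a policy file and checks the result. The function names and the embedded sample (a copy of the Camford policy above) are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed sample: the Camford policy text from the page.
SAMPLE_POLICY = r'''
moonshot_saml {
    if (Realm == 'camford.ac.uk') {
        update reply {
            SAML-AAA-Assertion = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2011-03-19T08:30:00Z" ID="foo" Version="2.0">'
            SAML-AAA-Assertion += '<saml:Issuer>urn:mace:incommon:osu.edu</saml:Issuer>'
            SAML-AAA-Assertion += '<saml:AttributeStatement>'
            SAML-AAA-Assertion += '<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"><saml:AttributeValue>moonshot</saml:AttributeValue></saml:Attribute>'
            SAML-AAA-Assertion += '</saml:AttributeStatement>'
            SAML-AAA-Assertion += '</saml:Assertion>'
        }
    }
}
'''
# One fragment per line: attribute name, operator, single-quoted string.
FRAGMENT = re.compile(r"^[ \t]*SAML-AAA-Assertion[ \t]*(\+?=)[ \t]*'(.*)'[ \t]*$", re.M)

def assemble_assertion(policy_text):
    """Concatenate the SAML-AAA-Assertion fragments in file order."""
    parts = FRAGMENT.findall(policy_text)
    if not parts or parts[0][0] != "=":
        raise ValueError("first fragment must use '=', as in the page's policy")
    if any(op != "+=" for op, _ in parts[1:]):
        raise ValueError("every later fragment must use '+=', as in the page's policy")
    return "".join(text for _, text in parts)

def check_policy(policy_text):
    """Return (issuer, {attribute name: [values]}); raise if the XML is malformed."""
    xml = assemble_assertion(policy_text)
    if "<!DOCTYPE" in xml or "<!ENTITY" in xml:
        raise ValueError("DTD or entity declarations do not belong in the assertion")
    root = ET.fromstring(xml)  # raises ET.ParseError on an unclosed or mismatched tag
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise ValueError("root element is not saml:Assertion")
    issuer = root.findtext(f"{{{SAML_NS}}}Issuer")
    attrs = {}
    for a in root.iter(f"{{{SAML_NS}}}Attribute"):
        attrs[a.get("Name")] = [v.text for v in a.iter(f"{{{SAML_NS}}}AttributeValue")]
    return issuer, attrs

if __name__ == "__main__":
    print(check_policy(SAMPLE_POLICY))
```

To check a real file, pass its contents to `check_policy()` and compare the returned issuer and attribute values with what your realm is meant to assert.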