Overview


The dsdStudentId is a special attribute that is only provided to the MyEquals service.The value is used by this service as a key to query student system where the students  records are extracted from. 


This is generally student's id  number. Most organisation use a single letter prefix value like s123456 .  



Requirements

  • Shibboleth IdP 3.x 


Configurations 

  1. Add the attribute definition to your LDAP or Active Directory  to populate user's dsdStudentId field.
  2. Add the following AttributeDefinition to your attribute-resolver.xml


<resolver:AttributeDefinition xsi:type="ad:Simple" id="dsdStudentId" 
            sourceAttributeID="studentNumber">    
            <resolver:Dependency ref="ldap" />  
    
        <resolver:AttributeEncoder xsi:type="enc:SAML1String" 
                name="urn:oid:1.3.6.1.4.1.27691.1.1" encodeType="false" />    
         
       <resolver:AttributeEncoder xsi:type="enc:SAML2String" 
               name="urn:oid:1.3.6.1.4.1.27691.1.1" friendlyName="dsdStudentId" 
               encodeType="false"  />
  
</resolver:AttributeDefinition> 



    3. Add a rule in the metadata-based-attribute-filter.xml


   <AttributeRule attributeID="dsdStudentId">
            <PermitValueRule xsi:type="OR">
                     <Rule xsi:type="AttributeInMetadata"
                              onlyIfRequired="false"/>
                     <Rule xsi:type="AttributeInMetadata"
                              attributeName="urn:oid:1.3.6.1.4.1.27691.1.1"
                              onlyIfRequired="false"/>
            </PermitValueRule>
   </AttributeRule>


    4. Add  dsdStudentId attribute  to the list of attributes that are assigned to "idp.consent.attributeOrder=" in the idp.properties file.

     

# Ordering of attributes when displayed in consent form
idp.consent.attributeOrder=commonName,displayName,auEduPersonLegalName,givenName,surname,\
        email,eduPersonPrincipalName,uid,auEduPersonSharedToken,eduPersonTargetedID,\
        eduPersonEntitlement,eduPersonAssurance,\
        eduPersonAffiliation,eduPersonScopedAffiliation,eduPersonPrimaryAffiliation,auEduPersonAffiliation,\
        organizationName,homeOrganization,homeOrganizationType,organizationalUnit,\
        postalAddress,telephoneNumber,mobileNumber,eduPersonOrcid,dsdStudentId



    5. Final step is  adding  dsdStudentId as an attribute that your IdP is willing to release in the Federation Registry.  


  Note: Currently only AAF staff can add this attribute as we have locked it down in the federation registry.By locking it down however each IdP must  request us to add it to the list of attributes the IdP supports.