Summary

This document explains how to add information to the attribute eduPersonScopedAffiliation used by Skolfederation.

System Requirement

• PAS 2.7 or later installed
• IDP configured and connected to Skolfederation
• memberOf attribute fetched in user store lookup valve

Information

The attribute eduPersonScopedAffiliation is a multivalue attribut that shows if the user is a student, employee or faculty in the municipality.

Instruction

• Login to Configuration Manager
• Navigate to Scenarios->Federation and then select the Skolfederationen IdP just created.
• Click Execution flow
• Add a new valve “PropertyAddValve” before the AssertionProviderValve.

Name = eduPersonScopedAffiliation
Value = student@<yourdomain>,member@<yourdomain>
Set splitter to ,
Enable multivalue

Change <yourdomain> to suite your environment.

Click Advanced and add an execute if expression.
"exec_if_expr" : "flow.property('memberOf').contains('Elev')"

This expression filters out which users, based on the user store memberOf value, that will be appointed students. Please change to suite your environment.

• Next, add another PropertyAddValve below the second one
  

Name = eduPersonScopedAffiliation
Value = employee@<yourdomain>,member@<yourdomain>
Set splitter to ,
Enable multivalue
Change <yourdomain> to suite your environment.

Click Advanced and add an execute if expression.
"exec_if_expr" : "flow.property('memberOf').contains('Personal')"

• At last we do the same for the faculty value

Name = eduPersonScopedAffiliation
Value = faculty@<yourdomain>,employee@<yourdomain>,member@<yourdomain>
Set splitter to ,
Enable multivalue
Change <yourdomain> to suite your environment.

Click Advanced and add an execute if expression.
"exec_if_expr" : "flow.property('memberOf').contains('Lärare')"