{"id":44649704,"url":"https://github.com/ausaccessfed/aaf-shib-ext","last_synced_at":"2026-02-14T20:40:19.076Z","repository":{"id":32810970,"uuid":"36403696","full_name":"ausaccessfed/aaf-shib-ext","owner":"ausaccessfed","description":"Shibboleth extension for auEduPersonSharedToken","archived":false,"fork":false,"pushed_at":"2026-01-27T22:43:18.000Z","size":551,"stargazers_count":0,"open_issues_count":15,"forks_count":0,"subscribers_count":7,"default_branch":"master","last_synced_at":"2026-01-28T11:12:46.653Z","etag":null,"topics":["web"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ausaccessfed.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-05-28T00:09:03.000Z","updated_at":"2026-01-27T22:41:50.000Z","dependencies_parsed_at":"2024-10-19T12:50:17.369Z","dependency_job_id":"ac2db208-4569-44ff-a8cc-c970ae84f852","html_url":"https://github.com/ausaccessfed/aaf-shib-ext","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/ausaccessfed/aaf-shib-ext","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ausaccessfed%2Faaf-shib-ext","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ausaccessfed%2Faaf-shib-ext/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ausaccessfed%2Faaf-shib-ext/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ausaccessfed%2Faaf-shib-ext/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ausaccessfed","download_url":"https://codeload.github.com/ausaccessfed/aaf-shib-ext/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ausaccessfed%2Faaf-shib-ext/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29455362,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-14T15:52:44.973Z","status":"ssl_error","status_checked_at":"2026-02-14T15:52:11.208Z","response_time":53,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["web"],"created_at":"2026-02-14T20:40:18.290Z","updated_at":"2026-02-14T20:40:19.068Z","avatar_url":"https://github.com/ausaccessfed.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AAF Shibboleth Extensions\n\n\u003e ⚠️ **DEPRECATED**\n\u003e\n\u003e For recent Shibboleth IdP versions, please use [aaf-shibv4-ext](https://github.com/ausaccessfed/aaf-shibv4-ext).\n\nA [Shibboleth IdP custom extension](https://wiki.shibboleth.net/confluence/display/SHIB2/IdPDevCustomExtension) which \nenables [auEduPersonSharedToken](http://wiki.aaf.edu.au/tech-info/attributes/auedupersonsharedtoken) for Shibboleth \nIdP 3.3.1.\n\nThe following features are provided:\n\n- auEduPersonSharedToken generation.\n- Database integration for storing and retrieving auEduPersonSharedToken values.  \n\n**IMPORTANT:** The generation of the auEduPersonSharedToken relies on the user's identifier (`sourceAttributeID`),  \nthe IdP's Entity ID  and the private seed (`salt`). Change of the inputs will change the auEduPersonSharedToken value.\nThis is likely to happen due to the change of the user's identifier, home institution, upgrade of the IdP and so on.\nIn a production environment, the auEduPersonSharedToken must be only generated **once** then persisted in \nthe institution's database for future use.\n\n# Requirements\n- Shibboleth IdP 3.3.1 operating with Java 8 or later.\n- A database for auEduPersonSharedToken storage. It is **strongly** recommended administrators configure regular \nbackups and monitoring for this database. **Loss of this data will disable federated access for your users**.\n\n# Deployment\n## 1. Configure database\n\nSet up your database with the following schema [db/schema.sql](db/schema.sql).\n\nFor example, to configure a local MySQL instance:\n\n```\n$ mysql\nmysql\u003e create database idp_db;\nmysql\u003e grant all privileges on idp_db.* to idp_admin@localhost identified by '\u003cyour_password\u003e';\nmysql\u003e \\u idp_db\nmysql\u003e (Paste db/schema.sql)\n```  \n\n## 2. Configure resolvers\n\nin `$IDP_HOME/conf/attribute-resolver.xml`:\n\nImport the definition\n```\nxsi:schemaLocation=\"...\n                    urn:mace:aaf.edu.au:shibboleth:2.0:resolver:dc classpath:/schema/aaf-shib-ext-dc.xsd\n```\n\nDefine the `DataConnector`\n```\n\u003cresolver:DataConnector xsi:type=\"SharedToken\" xmlns=\"urn:mace:aaf.edu.au:shibboleth:2.0:resolver:dc\"\n                    id=\"sharedToken\"\n                    sourceAttributeId=\"uniqueIdentifier\"\n                    salt=\"Ez8m1HDSLBxu0JNcPEywmOpy+apq4Niw9kEMmAyWbhJqcfAb\"\n                    dataSource=\"jdbc/DS_idp_admin\"\n                    primaryKeyName=\"uid\"\u003e\n                    \u003cresolver:Dependency ref=\"...\" /\u003e\n\u003c/resolver:DataConnector\u003e\n``` \n\nAttributes:\n\n- `id`: (mandatory) the unique identifier for the data connector.\n- `sourceAttributeID`: used for computing the sharedToken — ideally a unique identifier that never changes.\n- `salt`: (mandatory)  a string of random data, used when computing sharedToken. Must be at least 16 characters. N.B. Once set, \nthis value **must never change**. Please keep a copy of this value. This value can be generated with the openssl \ncommand: \n`openssl rand -base64 36 2\u003e/dev/null`\n- `dataSource`: (mandatory)  the container managed datasource identifier. Please see the relevant application server's instructions \nfor installing a JNDI datasource. Also ensure the specified JDBC driver is on the classpath of your application server.\n For example, to configure a MySQL JNDI datasource for Jetty:\n    1. Place [mysql-connector-java-5.1.35-bin.jar](http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.35.tar.gz) in `/opt/jetty/lib/ext/`\n    2. Configure a [JNDI Datasource](https://wiki.eclipse.org/Jetty/Howto/Configure_JNDI_Datasource)\n    3. Restart app server\n- `primaryKeyName`: (optional) The column name used for the primary key in the shared token database table. The default is 'uid'\nwhich works for MySQL databases but is a reserved word for ORACLE.\n\n## 3. Configure logging\n\nUse the pattern: `\"au.edu.aaf.shibext\"` in your logging configuration to enable logging.\n\nFor example, Shibboleth's `$IDP_HOME/conf/logback.xml` can use the configuration:\n```\n    \u003clogger name=\"au.edu.aaf.shibext\" level=\"DEBUG\"/\u003e\n```\nUnless specified, the log information will appear in `$IDP_HOME/logs/idp-process.log`.\n\n## 4. Building the library\n\n1. Install [Gradle](https://docs.gradle.org/current/userguide/installation.html)\n2. Run the command `./gradlew clean build`\n3. Generated jar will be in `build/libs`\n\n## 5. Installing the library\n\n1. Copy the jar file to `$IDP_HOME/edit-webapp/WEB-INF/lib/`\n2. Re-run the installer `sh $IDP_HOME/bin/build.sh`\n3. Restart the app server\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fausaccessfed%2Faaf-shib-ext","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fausaccessfed%2Faaf-shib-ext","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fausaccessfed%2Faaf-shib-ext/lists"}