...

| Name | Source Attribute |
|---|---|
| urn:mace:dir:attribute-def:eduPersonPrincipalName | user.userprincipalname (see footnote below) |
| urn:mace:dir:attribute-def:uid | user.userprincipalname |
| urn:mace:terena.org:attribute-def:schacHomeOrganization (this one requires manipulation, please read on) | A manipulation of: user.userprincipalname* (see further) |
| urn:mace:dir:attribute-def:cn | user.displayname |
| urn:mace:dir:attribute-def:displayName | user.displayname |
| urn:mace:dir:attribute-def:givenName | user.givenname |
| urn:mace:dir:attribute-def:sn | user.surname |
| urn:mace:dir:attribute-def:mail | user.mail |
| urn:mace:dir:attribute-def:preferredLanguage | user.preferredlanguage |
| urn:mace:dir:attribute-def:eduPersonAffiliation | fixed text value employee (enter it without quotes; Microsoft adds the double quotes automatically) |
| urn:mace:dir:attribute-def:eduPersonScopedAffiliation | A manipulation in the form: employee@[schacHomeOrganization]* (see further) |

...

Attribute mappings that require manipulation are explained in the subsequent sections.

Add an attribute with a

...

mapping to a standard EntraID attribute

This instruction is valid for attributes like urn:mace:dir:attribute-def:cn, urn:mace:dir:attribute-def:displayName, urn:mace:dir:attribute-def:givenName, urn:mace:dir:attribute-def:sn, urn:mace:dir:attribute-def:mail and other attributes that don’t need manipulation.

In the box ‘Attributes & Claims’, click ‘Edit’. 

...

  • Regex pattern: ^.*\@(?'domain')

  • Replacement pattern: employee@{domain}
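To preview which scoped values this transformation would emit for a set of accounts, the check below is an added example, not part of the govconext instructions. It assumes the named group captures everything after the last '@' (the group body is not shown in the pattern above), uses Python's `(?P<domain>...)` spelling, and its function names and sample UPNs are constructed.

```python
import re

# Python spelling of the named group; the body [^@\s]+ is an assumption
# (everything after the last '@'), since the page shows the group without one.
UPN_PATTERN = re.compile(r"^.*@(?P<domain>[^@\s]+)$")


def derive_claims(upn):
    """Return (schacHomeOrganization, eduPersonScopedAffiliation) for a UPN,
    or None when the UPN has no domain part and the pattern cannot match."""
    match = UPN_PATTERN.match(upn.strip())
    if match is None:
        return None
    domain = match.group("domain")
    return domain, f"employee@{domain}"


def audit(upns, expected_sho):
    """List (upn, reason) for accounts whose derived values would differ from
    the default schacHomeOrganization entered on the intake form."""
    findings = []
    for upn in upns:
        claims = derive_claims(upn)
        if claims is None:
            findings.append((upn, "no domain part, transformation yields no value"))
        elif claims[0].lower() != expected_sho.lower():
            findings.append((upn, f"scope {claims[0]} differs from {expected_sho}"))
    return findings


# Constructed sample accounts (not real users or domains).
SAMPLE_UPNS = [
    "j.jansen@gemeente.example",
    # Entra ID guest accounts carry #EXT# and the tenant's own domain.
    "partner_other.example#EXT#@gemeente.onmicrosoft.com",
    "svc-backup",
    "p.devries@dochter.gemeente.example",
]

if __name__ == "__main__":
    for upn in SAMPLE_UPNS:
        print(upn, "->", derive_claims(upn))
    for upn, reason in audit(SAMPLE_UPNS, "gemeente.example"):
        print("REVIEW:", upn, "-", reason)
```

Accounts flagged by `audit` are the ones to review before submitting the default schacHomeOrganization, because their scoped affiliation would carry a different domain.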

...

Attribute overview

The result of the attribute configuration looks as follows. Pay close attention to where quotes are present and where they are absent:

...

Submit the intake form 

Please complete the form ‘Technisch Intakeformulier govconext’ with the metadata URL, the default schacHomeOrganization and the other required information, and send it through the govroam ‘klantportaal’ and/or to ‘tech@govroam.nl’.

...

Since govconext is built using OpenConext software which is also used for SURFconext, you can find additional information if you search for SURFconext, specifically:
Handleiding Azure AD als SAML Identity Provider in SURFconext - SURFconext - Get Conexted - SURF Wiki - https://wiki.surfnet.nl/  

Also, Microsoft provides an extensive article:  
https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/surfconext-tutorial