Davide Vaghetti daserzw

  • Consortium GARR
  • Italy
@daserzw
daserzw / attribute-resolver.xml
Created August 7, 2025 08:45
Shib IdP attribute-resolver.xml with variable scope based on schacHomeOrganization value
<?xml version="1.0" encoding="UTF-8"?>
<AttributeResolver
xmlns="urn:mace:shibboleth:2.0:resolver"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
<!-- ========================================== -->
<!-- Attribute Definitions -->
<!-- ========================================== -->
---
markmap:
colorFreezeLevel: 10
---
# .
## REFEDS
- enforce contacts
@daserzw
daserzw / eduGAIN_scope_ORGNAME.py
Created April 26, 2021 15:07
eduGAIN scope and orgname
#!/usr/bin/env python3
import requests
from xml.etree import ElementTree as ET


def strip_start(s, start):
    # Drop the prefix only if it is really there; otherwise return the string unchanged.
    if s.startswith(start):
        return s[len(start):]
    return s
@daserzw
daserzw / attribute-resolver-idem-ad.xml
Last active October 18, 2022 05:14
IDEM Shibboleth Active Directory Attribute Resolver
<?xml version="1.0" encoding="UTF-8"?>
<AttributeResolver
xmlns="urn:mace:shibboleth:2.0:resolver"
xmlns:sec="urn:mace:shibboleth:2.0:security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd">
<!-- ========================================== -->

The case for an OIDC ephemeral ID

The OpenID Connect Core 1.0 specification defines two subject types, public and pairwise.

The public subject type is used to provide "the same sub (subject) value to all Clients" or Relying Parties (RPs), while the pairwise one is meant to provide "a different sub value to each Client, so as not to enable Clients to correlate the End-User's activities without permission".

In other words, the public subject type is a globally unique, persistent identifier handed to every RP, while the pairwise one is a persistent identifier targeted at a single RP (or, more precisely, a single Sector Identifier).
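The following Python is an added example, not part of the original gist, showing what each subject type means for linkability at the IdP side. The pairwise derivation follows the shape of the non-normative algorithm in OIDC Core 1.0 section 8.1 (SHA-256 over sector identifier, local account id and salt), with a separator byte added so the fields cannot be confused; the salt value, the separator and the `ephemeral` subject type are assumptions introduced here for illustration, and the host names are constructed.

```python
import hashlib
import secrets
from urllib.parse import urlparse

# Constructed values for the example. A real IdP keeps the salt secret and
# never rotates it without a migration plan, since pairwise subs depend on it.
SALT = b"example-idp-pairwise-salt"   # assumption: IdP-wide secret salt
SEP = b"\x00"                         # assumption: separator against field-boundary ambiguity


def sector_identifier(redirect_uris, sector_identifier_uri=None):
    """Host used as the Sector Identifier (OIDC Core 1.0, section 8.1).

    A client that registered a sector_identifier_uri is identified by its host;
    otherwise all of its redirect_uris must share a single host, which is used.
    """
    if sector_identifier_uri:
        return urlparse(sector_identifier_uri).hostname
    hosts = {urlparse(u).hostname for u in redirect_uris}
    if len(hosts) != 1:
        raise ValueError("redirect_uris do not share one host; register a sector_identifier_uri")
    return hosts.pop()


def public_sub(local_account_id, salt=SALT):
    """Public subject type: one stable opaque value, identical for every RP (illustration)."""
    return hashlib.sha256(local_account_id.encode() + SEP + salt).hexdigest()


def pairwise_sub(local_account_id, sector, salt=SALT):
    """Pairwise subject type, shaped like the section 8.1 example:
    SHA-256(sector_identifier || local_account_id || salt).
    Stable for one user at one sector; unrelated across sectors."""
    data = sector.encode() + SEP + local_account_id.encode() + SEP + salt
    return hashlib.sha256(data).hexdigest()


def ephemeral_sub():
    """Assumed 'ephemeral' type: fresh randomness per authentication, so even the
    same RP cannot link two logins by sub alone (illustration, not a spec algorithm)."""
    return secrets.token_urlsafe(32)


def issue_sub(local_account_id, sector, subject_type):
    """Value the IdP would place in the sub claim for this user at this sector."""
    if subject_type == "public":
        return public_sub(local_account_id)
    if subject_type == "pairwise":
        return pairwise_sub(local_account_id, sector)
    if subject_type == "ephemeral":
        return ephemeral_sub()
    raise ValueError(f"unknown subject_type {subject_type!r}")


def linkable_across(local_account_id, sector_a, sector_b, subject_type):
    """True when two RPs (or two logins at the same RP, if sector_a == sector_b)
    receive the same sub and can therefore correlate the user."""
    a = issue_sub(local_account_id, sector_a, subject_type)
    b = issue_sub(local_account_id, sector_b, subject_type)
    return a == b


if __name__ == "__main__":
    rp_a = sector_identifier(["https://app.rp-a.example/cb", "https://app.rp-a.example/cb2"])
    rp_b = sector_identifier([], "https://sector.rp-b.example/redirect_uris.json")
    for kind in ("public", "pairwise", "ephemeral"):
        print(kind, "linkable across RPs:", linkable_across("alice", rp_a, rp_b, kind),
              "stable at one RP:", linkable_across("alice", rp_a, rp_a, kind))
```

Running it shows the three regimes side by side: public is linkable everywhere, pairwise is stable per sector but unlinkable across sectors, and the assumed ephemeral type is not even stable across two logins at the same RP, which is the property an RP needs to be designed for before an IdP can issue it.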

Ephemeral vs Pairwise

### Keybase proof
I hereby claim:
* I am daserzw on github.
* I am davidevaghetti (https://keybase.io/davidevaghetti) on keybase.
* I have a public key ASBRqUFDnD0OtZwQIHIQ2-C_FsADm8zpAX0PDs4Bd0x5eAo
To claim this, I am signing this object:
#!/usr/bin/env bash
pkill -f rp.py
pkill -f server.py
rm -rf oidc-swamid-federation
#!/usr/bin/env bash
git clone https://github.com/rohe/oidc-swamid-federation.git
cd oidc-swamid-federation
python3.5 -mvenv venv
. venv/bin/activate
pip install --no-cache-dir oidcop oidcrp fedoidcendpoint fedoidcrp atomicwrites
./create_fo_bundle.py
sleep 1
cd MDSS
# git tag
git tag -am "annotation goes here" tagname_goes_here # cut a tag
git tag -d tagname_goes_here # burn it
git tag -am "annotation goes here" tagname_goes_here # cut another tag
git push --tags # push tags to remote
git push origin :refs/tags/tagname_goes_here # delete tag from remote