Affiliations

Affiliations
Prev		Next

Affiliations are tags or attributes that typically convey demographic information (e.g., school and year of graduation), but may also reflect a particular level of privilege (e.g., permission to print a certain number of pages.) WIND can provide access to the Ldap affiliations associated with an authenticated UNI. Before being returned to the application, each Ldap affiliation is translated into a WIND-specific format based on its category:

Course Enrollment
Cunix Groups
Alumni Information
Student School
Faculty/Officer/Staff
Everything else

WIND affiliation formats consist of period-separated nodes ordered left to right, from most to least specific, as in "address.city.state.country.continent". WIND translations are in lower case and end with ":edu.columbia". The specific formats are described below:

Course Enrollment:

Sample Ldap Affiliation	CUinstr_ENGR_C1001_1_5_3
Ldap Format	CU<role>_<dept><num>_<sec>_<yr>_<term>
Wind Translation	t3.y2005.s001.c1001.engr.fc.course:columbia.edu
Wind Format	t<term>.y<yr>.s<sec>.c<num>.<dept>.<fc\|st>.course.columbia:edu
Notes	Third term (fall) 2005, section 1, C1001, Engineering, instructor.

Cunix Groups:

Sample Ldap Affiliation	CUNIX_student
Ldap Format	CUNIX_<group-name>
Wind Translation	student.cunix.local:columbia.edu
Wind Format	<group-name>.cunix.local:columbia.edu
Notes	Member of the cunix group "student".

Alumni Information:

Sample Ldap Affiliation	ALCC2002
Ldap Format	AL<school><year>
Wind Translation	y2002.cc.alum:columbia.edu
Wind Format	y<year>.<school>.alum:columbia.edu
Notes	Columbia College class of 2002.

Student School:

Sample Ldap Affiliation	CU_student_CC_U
Ldap Format	CU_student_<school>_<U\|G\|P\|N\|S>
Wind Translation	ug.cc.student:columbia.edu
Wind Format	<ug\|gr\|pr\|sp>.<school>.student:columbia.edu
Notes	Undergraduate student, Columbia College.

Faculty/Officer/Staff:

Sample Ldap Affiliation	CU_instructor_Business
Ldap Format	<school>_<role_><dept>
Wind Translation	gsb.faculty:columbia.edu
Wind Format	<school>.<role>.columbia:edu
Notes	There are many variations on this format; inquire about specific roles, schools, etc.

Ldap affiliations that do not fall into one of these categories are returned untranslated ("raw"), followed by "ldap:columbia.edu", e.g.:

Everything else:

Ldap Affiliation Sample	PAC1administrator
Ldap Format	various
Wind Translation	PAC1administrator.ldap:columbia.edu
Wind Format	<raw-Ldap-affiliation>.ldap:columbia:edu
Notes	Ldap affiliations typically contain an organization name or category in upper case followed, optionally, by a modifier in lower case.

Affiliation data is considered confidential, and the provision of affiliations to an application must be approved by CUIT management. Your request should describe the specific affiliation information you want returned and should include the reasons you "need to know." Access to affiliation information is generally restricted to Columbia departments or organizations.

Affiliation Request
Affiliations, along with other data, are returned in response to a validate request. There is one parameter to the validate request, ticketid, the value of the ticket string sent by the user.
The affiliation request URI will look something like this:
https://wind.columbia.edu/validate?ticketid=TICKETID_TO_BE_VALIDATED
response
When WIND is configured to send affiliations to a specific application, the response to a successful validate request from that application contains an additional element, a <wind:affiliations>. The <wind:serviceResponse> will have a <wind:authenticationSuccess> element containing a <wind:user> element with the username. This will be followed by the list of affiliations, if any, for the user within a <wind:affiliations> element. On failure, the response will be identical to the standard validate failure.
WIND also supports a plain-text format for validate responses for services configured to receive affiliations. WIND returns either "yes" followed by a carriage return and the UNI or anonymous WIND identifier, or "no". If the reponse is "yes", the UNI or anonymous identifier is followed by list of affiliations, one to a line.
Below is a sample valid XML response from WIND to a request for affiliations for a user:
```
          
          <wind:serviceResponse xmlns:wind='http://www.columbia.edu/acis/rad/authmethods/wind'>
            <wind:authenticationSuccess>
              <wind:user>UNI</wind:user>
              <wind:affiliations>
                <wind:affil>affil1</wind:affil>
                <wind:affil>affil2</wind:affil>
                <wind:affil>affil3</wind:affil>
              </wind:affiliations>
              <wind:passwordtyped>true</wind:passwordtyped>
              <wind:logintime>1078117200</wind:logintime>
              <wind:passwordtime>1072933200</wind:passwordtime>
              <wind:passwordchangeURI>
                https://www1.columbia.edu/sec/acis/manageaccount/passwd.html
              </wind:passwordchangeURI>
            </wind:authenticationSuccess>
          </wind:serviceResponse>
          
        
```
The same response from WIND in plain-text format:
```
          
          yes
          UNI
          affil1
          affil2
          affil3
          
        
```
In the above examples, WIND has returned "yes" (this is a valid ticket), "UNI" (the UNI), and a newline-separated list of affiliations.

sample client code (parsing the XML response)

          
  #
  # Ticket validation and affils parsing subroutine
  #
  # $affiliationURI = 'https://wind.columbia.edu/validate?ticketid=';
  # 
  sub ticketAffils {
      use LWP::Simple 'get';
      use XML::Simple;
      my $ticketId = shift;
      my $windResponse;
      $windResponse = LWP::Simple::get($affiliationURI.$ticketId);
      my $ref = XMLin($windResponse);
      if (exists $ref->{'wind:authenticationSuccess'}) {
        my $username = $ref->{'wind:authenticationSuccess'}{'wind:user'};
        if (exists $ref->{'wind:authenticationSuccess'}{'wind:affiliations'}) {
          my @affils = values %{$ref->{'wind:authenticationSuccess'}{'wind:affiliations'};
          foreach my $aff (@affils) {
            print "$aff\n";
          }
        }
        else {
          print "no affiliations returned for $username.\n";
        }
      } elsif (exists $ref->{'wind:authenticationFailure'}){
          # Ticket rejected. User should have an option to try again.
          # To try again, another authentication request needs to be generated.
          print "the ticket was already used or was invalid";
      } else {
          # Unexpected response
          print "did not receive an expected response";
      }
  }

The Perl code fragment above shows how an application might obtain the list of affiliations for a ticketid from an XML-format response.

Prev	Up	Next
Client Requests to WIND	Home	Sample Code Repository