In Finnish

In version 3 of Shibboleth IdP, there is also a functionality that enables the combination of attributes using the "velocity macro" model. One use for this could be, for example, creating the "cn" attribute in the IdP from the "givenName" and "sn" attributes. It is important to note that the source attributes must have exactly the right number of values.

attribute-resolver.xml

attribute-resolver.xml
<resolver:AttributeDefinition xsi:type="ad:Template" id="cn">
  <resolver:Dependency ref="myLDAP" />
  <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:cn" encodeType="false" />
  <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.3" friendlyName="cn" encodeType="false" />
  <ad:Template>${givenName} ${sn}</ad:Template>
  <ad:SourceAttribute>givenName</ad:SourceAttribute>
  <ad:SourceAttribute>sn</ad:SourceAttribute>
</resolver:AttributeDefinition>

Source: TemplateAttributeDefinition


In Shibboleth IdP version 4, the combination of a multivalued attribute from two other attributes (and from different sources) whose values ​​are prefixed with :

<AttributeDefinition id="uniquecode" xsi:type="ScriptedAttribute">
	<InputDataConnector ref="LDAP1" attributeNames="opiskelijanumero" />
	<InputDataConnector ref="LDAP2" attributeNames="oppijanumero" />
	<AttributeEncoder xsi:type="SAML2String" name="1.3.6.1.4.1.25178.1.2.14" friendlyName="schacPersonalUniqueCode" encodeType="false"/>
	<Script><![CDATA[
		if (typeof opiskelijanumero != "undefined") {
			uniquecode.addValue("prefix1:" + opiskelijanumero.getValues().get(0));
		}
		if (typeof oppijanumero != "undefined") {
			uniquecode.addValue("prefix2:" + oppijanumero.getValues().get(0));
		}
	]]></Script>
</AttributeDefinition>

Source: ScriptedAttributeDefinition

  • No labels