...
Code Block | ||
---|---|---|
| ||
[carsi@www ~]$ sudo cat attribute-resolver.xml <?xml version="1.0" encoding="UTF-8"?> <AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd"> <AttributeDefinition xsi:type="ScriptedAttribute" id="eduPersonScopedAffiliation"> <InputAttributeDefinition ref="employeeType" /> <Script><![CDATA[ scopedValueType = Java.type("net.shibboleth.idp.attribute.ScopedStringAttributeValue"); var localPart = ""; if(typeof(employeeType)=="undefined"){ localPart = "member"; }else{ if(employeeType.getValues().get(0)=="facultystaff") localPart = "facultystaff"; else if(employeeType.getValues().get(0)=="std") localPart = "student"; else localPart = "member"; } eduPersonScopedAffiliation.addValue(new scopedValueType(localPart, "%{idp.scope}")); ]]></Script> </AttributeDefinition> <AttributeDefinition xsi:type="SubjectDerivedAttribute" id="employeeType" principalAttributeName="userType"></AttributeDefinition> <AttributeDefinition xsi:type="Scoped" id="eduPersonPrincipalName" scope="%{idp.scope}"> <InputAttributeDefinition ref="uid"/> </AttributeDefinition> <AttributeDefinition id="uid" xsi:type="PrincipalName" /> <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}"> <InputAttributeDefinition ref="uid"/> </AttributeDefinition> <AttributeDefinition id="eduPersonTargetedID" xsi:type="SAML2NameID" nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"> <InputDataConnector ref="myStoredID" attributeNames="persistentID"/> <AttributeEncoder xsi:type="SAML1XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" encodeType="false"/> <AttributeEncoder xsi:type="SAML2XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" encodeType="false"/> </AttributeDefinition> <AttributeDefinition id="samlPairwiseID" xsi:type="Scoped" scope="%{idp.scope}"> <InputDataConnector ref="myStoredID" attributeNames="persistentID"/> </AttributeDefinition> <DataConnector id="myStoredID" xsi:type="StoredId" generatedAttributeID="persistentID" salt="%{idp.persistentId.salt}" queryTimeout="0"> <InputAttributeDefinition ref="eduPersonPrincipalName"/> <BeanManagedConnection>MyDataSource</BeanManagedConnection> </DataConnector> <AttributeDefinition id="eduPersonEntitlement" xsi:type="Simple"> <InputDataConnector ref="staticAttributes" attributeNames="eduPersonEntitlement"/> </AttributeDefinition> <DataConnector id="staticAttributes" xsi:type="Static"> <Attribute id="eduPersonEntitlement"> <Value>urn:mace:dir:entitlement:common-lib-terms</Value> </Attribute> </DataConnector> </AttributeResolver> |
...