...
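[carsi@www ~]$ sudo vi /opt/shibboleth-idp/conf/attribute-resolver.xml
<!--
    eduPersonScopedAffiliation: maps the first value of the local "employeeType"
    attribute to an affiliation and scopes it with %{idp.scope}.
    Service providers commonly make access decisions on this attribute, so the
    mapping below decides what each class of account is allowed to claim.
-->
<AttributeDefinition xsi:type="ScriptedAttribute" id="eduPersonScopedAffiliation">
    <InputAttributeDefinition ref="employeeType" />
    <Script><![CDATA[
        // Script comments must use "//": a "#" remark is not valid in this
        // script and prevents it from compiling.
        var scopedValueType = Java.type("net.shibboleth.idp.attribute.ScopedStringAttributeValue");
        var localPart = "";

        // NOTE(review): an account with no employeeType at all, and any account that
        // reaches the final else, is asserted as "member". Confirm that this is
        // intended for accounts such as guests or alumni; if it is not, leave the
        // attribute unset for unrecognised types.
        if (typeof(employeeType) == "undefined" || employeeType.getValues().isEmpty()) {
            // The emptiness check keeps get(0) from throwing on an empty value list.
            localPart = "member";
        } else {
            // Only the first value of employeeType is considered.
            var localType = employeeType.getValues().get(0);

            if (localType == "staff") {
                // "staff" in this condition is the value stored in the local user
                // management system; at your site it may be "staf" or something else.
                localPart = "staff";
            } else if (localType.indexOf("student") != -1) {
                // "student" in this condition is the value stored in the local user
                // management system; at your site it may be "stu" or something else.
                // NOTE(review): this is a substring match, so any local value that
                // merely contains "student" is asserted as student.
                localPart = "student";
            } else if (localType.indexOf("facultystaff") != -1) {
                // The value in this condition is the one stored in the local user
                // management system; the page's remark names "faculty" (or "fac").
                // NOTE(review): the eduPerson vocabulary defines "faculty", not
                // "facultystaff"; confirm the emitted value against the federation's
                // attribute specification.
                localPart = "facultystaff";
            } else {
                localPart = "member";
            }
        }

        eduPersonScopedAffiliation.addValue(new scopedValueType(localPart, "%{idp.scope}"));
    ]]></Script>
</AttributeDefinition>
<!--
    employeeType: taken from the authenticated Subject under the name given in
    principalAttributeName.
    NOTE(review): this snippet uses "usertype" while the full listing further down
    the page uses "userType"; confirm the exact spelling and case used at your site,
    because a name that does not match leaves employeeType undefined and every user
    falls back to "member".
-->
<AttributeDefinition id="employeeType" xsi:type="SubjectDerivedAttribute" principalAttributeName="usertype"></AttributeDefinition>
[carsi@www ~]$ sudo systemctl restart jetty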
...
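[carsi@www ~]$ sudo cat attribute-resolver.xml
<AttributeResolver
        xmlns="urn:mace:shibboleth:2.0:resolver"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">

    <!--
        eduPersonScopedAffiliation: maps the first value of the local "employeeType"
        attribute to an affiliation and scopes it with %{idp.scope}.
        Service providers commonly make access decisions on this attribute.
    -->
    <AttributeDefinition xsi:type="ScriptedAttribute" id="eduPersonScopedAffiliation">
        <InputAttributeDefinition ref="employeeType" />
        <Script><![CDATA[
            var scopedValueType = Java.type("net.shibboleth.idp.attribute.ScopedStringAttributeValue");
            var localPart = "";

            // NOTE(review): an account with no employeeType at all, and any account
            // that reaches the final else, is asserted as "member". Confirm that this
            // is intended for accounts such as guests or alumni.
            if (typeof(employeeType) == "undefined" || employeeType.getValues().isEmpty()) {
                // The emptiness check keeps get(0) from throwing on an empty value list.
                localPart = "member";
            } else {
                // Only the first value of employeeType is considered. The literals
                // compared against are site-specific values from the local user store.
                var localType = employeeType.getValues().get(0);

                if (localType == "staff") {
                    localPart = "staff";
                } else if (localType.indexOf("student") != -1) {
                    // NOTE(review): substring match; any local value that merely
                    // contains "student" is asserted as student.
                    localPart = "student";
                } else if (localType.indexOf("facultystaff") != -1) {
                    // NOTE(review): the eduPerson vocabulary defines "faculty", not
                    // "facultystaff"; confirm against the federation's specification.
                    localPart = "facultystaff";
                } else {
                    localPart = "member";
                }
            }

            eduPersonScopedAffiliation.addValue(new scopedValueType(localPart, "%{idp.scope}"));
        ]]></Script>
    </AttributeDefinition>

    <!--
        employeeType: taken from the authenticated Subject under the name "userType".
        If the name does not match what the login flow provides, employeeType stays
        undefined and every user falls back to "member" above.
    -->
    <AttributeDefinition id="employeeType" xsi:type="SubjectDerivedAttribute" principalAttributeName="userType"></AttributeDefinition>

    <!-- eduPersonTargetedID: persistent NameID built from the stored persistentID. -->
    <AttributeDefinition id="eduPersonTargetedID" xsi:type="SAML2NameID"
                         nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
        <InputDataConnector ref="myStoredID" attributeNames="persistentID"/>
        <AttributeEncoder xsi:type="SAML1XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" encodeType="false"/>
        <AttributeEncoder xsi:type="SAML2XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
                          friendlyName="eduPersonTargetedID" encodeType="false"/>
    </AttributeDefinition>

    <!-- eduPersonPrincipalName: the login name (uid) scoped with %{idp.scope}. -->
    <AttributeDefinition xsi:type="Scoped" id="eduPersonPrincipalName" scope="%{idp.scope}">
        <InputAttributeDefinition ref="uid"/>
    </AttributeDefinition>

    <AttributeDefinition id="uid" xsi:type="PrincipalName" />

    <AttributeDefinition id="eduPersonEntitlement" xsi:type="Simple">
        <InputDataConnector ref="staticAttributes" attributeNames="eduPersonEntitlement" />
    </AttributeDefinition>

    <!--
        staticAttributes: a fixed value with no condition attached in this file, so
        every resolved account receives the common-lib-terms entitlement.
        NOTE(review): confirm that all accounts in the user store qualify for it;
        otherwise restrict who receives the value or limit its release by filter policy.
    -->
    <DataConnector id="staticAttributes" xsi:type="Static">
        <Attribute id="eduPersonEntitlement">
            <Value>urn:mace:dir:entitlement:common-lib-terms</Value>
        </Attribute>
    </DataConnector>

    <!-- samlPairwiseID: the same stored persistentID, scoped with %{idp.scope}. -->
    <AttributeDefinition id="samlPairwiseID" xsi:type="Scoped" scope="%{idp.scope}">
        <InputDataConnector ref="myStoredID" attributeNames="persistentID"/>
    </AttributeDefinition>

    <!--
        myStoredID: generates persistentID from eduPersonPrincipalName and stores it
        through the MyDataSource bean. The salt is read from the
        idp.persistentId.salt property rather than written here; keep that value
        secret and unchanged once identifiers have been issued.
        NOTE(review): queryTimeout="0" presumably disables the query timeout; confirm.
    -->
    <DataConnector id="myStoredID" xsi:type="StoredId"
                   generatedAttributeID="persistentID"
                   salt="%{idp.persistentId.salt}"
                   queryTimeout="0">
        <InputAttributeDefinition ref="eduPersonPrincipalName"/>
        <BeanManagedConnection>MyDataSource</BeanManagedConnection>
    </DataConnector>

</AttributeResolver>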
...