...
| Code Block |
|---|
|
<ScriptletAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
<DataConnectorDependency requires="directory"/>
<AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation" />
<Scriptlet><![CDATA[
Attributes attributes = dependencies.getConnectorResolution("directory");
Attribute entitlement = attributes.get("eduPersonEntitlement");
// add values from directory
for (int i = 0; entitlement != null && i < entitlement.size(); i++)
{
resolverAttribute.addValue(entitlement.get(i));
}
// add common-lib-terms for staff and student
Attribute attribute = attributes.get("eduPersonAffiliation");
if (attribute.contains("staff") ||
attribute.contains("student"))
{
resolverAttribute.addValue("urn:mace:dir:entitlement:common-lib-terms");
}
]]>
</Scriptlet>
</ScriptletAttributeDefinition>
|
Example Configuration for using the Active Directory objectSid as a uniqueID
As the following example shows, you can do even more complex things with the scriptlet attribute engine like converting an attribute. The code below uses the binary "objectSid" attribute to generate a uniqueID attribute that is common in some federations like SWITCHaai.
| Code Block |
|---|
|
<!-- Convert objectSid to uniqueID -->
<ScriptletAttributeDefinition id="urn:mace:switch.ch:attribute-def:swissEduPersonUniqueID">
<DataConnectorDependency requires="directory"/>
<Scriptlet><![CDATA[
javap(java.util.UUID);
Attributes attributes = dependencies.getConnectorResolution("directory");
Attribute objectSid = attributes.get("objectSid");
byte[] uuidBytes = objectSid.toString().getBytes();
UUID uuid = UUID.nameUUIDFromBytes(uuidBytes);
resolverAttribute.addValue(uuid.toString() + "@switch.ch");
]]>
</Scriptlet>
</ScriptletAttributeDefinition>
|
| Include Page |
|---|
| SHIB:AttributeDefinitionDependencies |
|---|
| SHIB:AttributeDefinitionDependencies |
|---|
|
...