Versions Compared

Old Version 24

changes.mady.by.user Rod Widdowson

Saved on

compared with

New Version 25

changes.mady.by.user Rod Widdowson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Table of Contents

Overview

DataConnectors produce sets of IdPAttribute objects which are internal to the IdP and are generally used as input to attribute definitions or are exported directly as resolver results.

...

In addition, when a connector does actually report failure, you can configure a single <FailoverDataConnector> element so that an alternative DataConnector runs in its place. The results of the failover connector are reported as the results of the original so that defintions that depend on the original don't know the difference. This can be chained ad nauseum. A StaticDataConnector is a common "last resort" to use since they cannot fail.

...

The following types are supported:

xsi:type

Description

Static

A data connector that gets its information from a static list of attributes and values specified within the configuration

ScriptedDataConnector

Creates multiple attributes from a script supported by JSR-223

ComputedId

Creates an attribute whose value is computed from the SHA-1 hash of the requesting entity's ID, an attribute value (usually a user identifier of some kind), and a salt

StoredId

Creates an attribute whose value is generated either via the ComputedId mechanism (above) or by storing it and looking it up in a database

PairwiseId

Extension alternative to ComputedId/StoredId using a Spring-defined PairwiseIdStore

RelationalDatabase

A data connector that uses JDBC to connect to and pull information from a relational database

LDAPDirectory

A data connector that uses LDAP to connect to and pull information from a directory

HTTP

A data connector that uses HTTP to connect to and pull information from a web service

Subject

A data connector that operates as a pass-through mechanism for IdPAttribute objects carried inside custom IdPAttributePrincipals produced from external/proxied authentication flows.

StorageService 4.1

A data connector that pulls a record from a StorageService instance

Reference

All connectors support a set of common XML Attributes and Elements for configuring common behavior.


Localtabgroup
Localtab live
titleCommon XML Attributes
Include Page
DataConnectorCommonAttributes
DataConnectorCommonAttributes
Localtab live
titleCommon XML Elements

Most DataConnectors support the following child elements, with some exceptions where noted on specific pages.

Include Page
DataConnectorCommonChildElements
DataConnectorCommonChildElements

...

Two mechanisms for this exist:

  • By direct reference to externally defined beans, for instance the <BeanManagedConnection> element, which is the most common way of defining a shared database connection.

  • In much more unusual cases, by specifying XML resources via the springResources or springResourcesRef attributes that contain appropriate low-level definitions for a connector

More precise details are described for each DataConnector that has this capability.

...