...

<!-- Remove comment tags to enable Attribute-based c14n -->
<bean id="c14n/attribute" parent="shibboleth.PostLoginSubjectCanonicalizationFlow" />
V4.0

attribute-sourced-subject-c14n-config.xml
    <!--
    A list of attributes to resolve for normalizing the subject. For example, you might
    intend to lookup a name in a directory based on what the user entered. You can make this
    an empty list if you just want to resolve everything you normally would.
    -->
    <util:list id="shibboleth.c14n.attribute.AttributesToResolve">
        <value>uid</value>
    </util:list>

    <!--
    A list of attributes to search for a value to produce as the normalized subject name.
    This will normally be something you resolve above.
    -->
    <util:list id="shibboleth.c14n.attribute.AttributeSourceIds">
        <value>uid</value>
    </util:list>

    <bean id="shibboleth.c14n.attribute.PrincipalNameLookupStrategy"
            class="net.shibboleth.idp.profile.context.navigate.ScriptedContextLookupFunction"
            factory-method="inlineScript">
        <constructor-arg>
            <value>
            <![CDATA[
            var principalName = null;
            var subject = profileContext.getSubcontext("net.shibboleth.idp.authn.context.SubjectCanonicalizationContext").getSubject();
            var princs = subject.getPrincipals(Java.type("net.shibboleth.idp.authn.principal.UsernamePrincipal").class);
            if (princs.size() == 1) {
                principalName = princs.iterator().next().getName();
            }
            principalName;
            ]]>
            </value>
        </constructor-arg>
    </bean>
V4.1+

subject-c14n.properties
idp.c14n.attribute.attributesToResolve = uid
idp.c14n.attribute.attributeSourceIds = uid
subject-c14n.xml
    <bean id="shibboleth.c14n.attribute.PrincipalNameLookupStrategy"
            parent="shibboleth.ContextFunctions.Scripted"
            factory-method="inlineScript">
        <constructor-arg>
            <value>
            <![CDATA[
            var principalName = null;
            var subject = profileContext.getSubcontext("net.shibboleth.idp.authn.context.SubjectCanonicalizationContext").getSubject();
            var princs = subject.getPrincipals(Java.type("net.shibboleth.idp.authn.principal.UsernamePrincipal").class);
            if (princs.size() == 1) {
                principalName = princs.iterator().next().getName();
            }
            principalName;
            ]]>
            </value>
        </constructor-arg>
    </bean>

Reference

Beans (V4.0)

The beans defined in conf/c14n/attribute-sourced-subject-c14n-config.xml follow:

| Bean ID | Type | Default | Description |
|---|---|---|---|
| shibboleth.c14n.attribute.AttributesToResolve | List<String> | | A list of attributes to resolve (an empty list directs the resolver to resolve everything it knows about) |
| shibboleth.c14n.attribute.AttributeSourceIds | List<String> | | A list of attributes to search for in the results, looking for a StringAttributeValue or ScopedStringAttributeValue |
| shibboleth.c14n.attribute.PrincipalNameLookupStrategy | Function<ProfileRequestContext,String> | | Provides a principal name value for the AttributeResolutionContext during attribute resolution (i.e., $resolutionContext.principal will be set) |
| shibboleth.c14n.attribute.Lowercase | Boolean | false | Whether to lowercase the username |
| shibboleth.c14n.attribute.Uppercase | Boolean | false | Whether to uppercase the username |
| shibboleth.c14n.attribute.Trim | Boolean | true | Whether to trim leading and trailing whitespace from the username |
| shibboleth.c14n.attribute.Transforms | Pair<String,String> | | Pairs of regular expressions and replacement expressions to apply to the username |

Beans (V4.1+)

The following beans may be defined in conf/subject-c14n.xml if needed:

| Bean ID | Type | Description |
|---|---|---|
| shibboleth.c14n.attribute.PrincipalNameLookupStrategy | Function<ProfileRequestContext,String> | Provides a principal name value for the AttributeResolutionContext during attribute resolution (i.e., $resolutionContext.principal will be set) |
| shibboleth.c14n.attribute.Transforms | Pair<String,String> | Pairs of regular expressions and replacement expressions to apply to the attribute-sourced username |
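
The Transforms bean described above has no sample on this page, so the following is an added example (not part of the original page or the project's shipped configuration) of one regular expression and replacement pair. It assumes the enclosing beans file declares the util: and p: namespaces and that the stock shibboleth.Pair parent bean is available; example.org is a placeholder domain.

```xml
<!-- Added example for the V4.1+ subject-c14n.xml file; example.org is a placeholder. -->

<!--
Each entry pairs a regular expression (p:first) with a replacement
expression (p:second). The pairs are applied to the username that was
found through the attribute source IDs configured for this flow.
-->
<util:list id="shibboleth.c14n.attribute.Transforms">
    <!--
    Strip the scope only for the single domain this IdP is authoritative for.
    The pattern is anchored with ^ and $ and names the domain explicitly, so
    "alice@other.example" is not rewritten to the same principal name as
    "alice@example.org". A value that does not match is left as it is by
    this pair and keeps its scope.
    -->
    <bean parent="shibboleth.Pair"
          p:first="^([^@]+)@example\.org$"
          p:second="$1" />
</util:list>
```

A catch-all pattern such as one that strips any scope would map users from different domains onto one principal name, so the replacement should only ever remove a suffix the deployment actually controls.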

Properties (V4.1+)

The following properties are commented out in conf/c14n/subject-c14n.properties:

| Name | Default | Description |
|---|---|---|
| idp.c14n.attribute.attributesToResolve | | Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can) |
| idp.c14n.attribute.attributeSourceIds | | Comma-delimited list of attributes to search for in the results, looking for a StringAttributeValue or ScopedStringAttributeValue |
| idp.c14n.attribute.resolveFromSubject | false | Whether to examine the input Subject for IdPAttributePrincipal objects to pull from directly, instead of from the output of the Attribute Resolver service |
| idp.c14n.attribute.resolutionCondition | shibboleth.Conditions.TRUE | Bean ID of a Predicate<ProfileRequestContext> to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone |
| idp.c14n.attribute.lowercase | false | Whether to lowercase the username |
| idp.c14n.attribute.uppercase | false | Whether to uppercase the username |
| idp.c14n.attribute.trim | true | Whether to trim leading and trailing whitespace from the username |

...