Versions Compared

Old Version 12

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 13

changes.mady.by.user Rod Widdowson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Note

Using this plugin requires that the plugins.so extension library be loaded via the <Extensions> element in the <OutOfProcess> element.

Table of Contents

Overview

Identified by type="GSSAPI", this AttributeExtractor implements an XML-based rule syntax for designating GSS-API naming extensions to decode into internal attributes.

...

It supports all of the attributes common to all reloadable configuration resources:

Include Page
ReloadableConfigurationAttributes
ReloadableConfigurationAttributes

Child Elements

The following child element must be provided, either inline, or as the root element of a local or remote XML resource to load from, which would be specified via the attribute(s) above.

Name

Cardinality

Description

<am:Attributes>

1

Root element of configuration

When a non-inline configuration is used, it supports the following child elements common to all reloadable configuration resources.

Include Page
ReloadableConfigurationElements
ReloadableConfigurationElements

<am:Attributes> Element Reference

...

The following child element content is supported:

Name

Cardinality

Description

<am:GSSAPIAttribute>

1 or more

An extraction rule

<am:GSSAPIAttribute> Element Reference

Each <am:GSSAPIAttribute> element  element describes an extraction rule, the core of this plugin's behavior.

...

An extraction rule supports the following XML attributes:

Name

Type

Req?

Default

Description

id

string

Y


Name of the attribute to create

name

string

Y


GSS-API naming extension attribute to extract from

authenticated

boolean


true

If true, only authenticated GSS-API naming attributes are processed

scopeDelimeter

character



If set, all values of the naming attribute must contain the character, and it is used to split the value into a two-part construct expressed as a scoped attribute

binary

boolean


false

If set, this overrides the scopeDelimiter option, and causes the attribute's value to be base64-encoded and handled as a binary attribute. The unencoded value can be accessed natively in C++ code, but the serialized values are left encoded.

Examples

A typical non-inline configuration of this plugin is:

...

Specifying a GSSAPI Extractor in another file
Code Block
breakoutModewide
languagexml
<AttributeExtractor type="GSSAPI" reloadChanges="false" path="gss-api.xml"/>

A simple example configuration:

Code Block
breakoutModewide
languagexml
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
    <GSSAPIAttribute name="urn:ietf:params:gss-eap:radius-avp urn:x-radius:1" id="radius-1"/>
</Attributes>

...