Versions Compared

Old Version 4

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

...

The ScriptedAttribute AttributeDefinition constructs an output attribute via the execution of a JSR-223 script. Scripts are somewhat easier to write and maintain than native Java code, though they are slower. They can also be changed dynamically since the attribute resolver is a ReloadableService.

...

Expand
titleSpecific XML Attributes

Name

Type

Default

Description

language

string

JavaScript

The default is ECMA script using either the Rhino (Java 7) or Nashorn (Java 8+) engines.This situation is in flux due to the removal of Nashorn from future Java versions, and there are plans to provide a V4.1+ plugin that supplies one of these options in the future at the deployer's discretiona supplied scriping engine. Plugins are available since Java no longer includes such an implementation.

customObjectRef

string

The name of a Spring Bean defined elsewhere. This bean will be made available to the script in a variable named "custom".

...

Get eduPersonPrincipalName from LDAP or build one from uid

Variant 1: A "Prescoped" AttributeDefinition resolves existing eduPersonPrincipalName values from LDAP, then depends on a "ScriptedAttribute" definition to generate missing values. The Script also needs a dependency on the myLDAP DataConnector in order to have access to existing eduPersonPrincipalName and uid attribute values.

Minimal scripting, using Dependencies (Nashorn)

...