The ScriptedDataConnector data connector allows the creation of multiple attributes by a JSR-233 script.
Schema Name and Location
This xsi:type is defined by the urn:mace:shibboleth:2.0:resolver schema, which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd.
When specified in the urn:mace:shibboleth:2.0:resolver namespace the name was dc:Script
Attributes
Any of the common attributes can be specified.
In addition, the following attributes may be provided:
Name | Type | Req? | Default | Description |
|---|---|---|---|---|
language | string | N | JavaScript | Defines the JSR-233 language to use. The default is ECMA script using either the Rhino (Java 7) or Nashorn (Java 8) engines. |
| string | N | The name of a Spring Bean defined elsewhere. This bean will be made available to the script with the name "custom". See the ScriptedAttributeDefinition for more details |
Child Elements
Any of the common child elements can be specified. In addition one of the following two elements must be defined:
| Name | Cardinality | Description |
|---|---|---|
<Script> |
| The contents define the script to execute |
<ScriptFile> | The contents define a file which contains the script to execute |
Script Context
The script will have the following variables available:
- resolutionContext
- AttributeResolutionContext for the current resolution request
- connectorResults
- a List which the connector populates with IdPAttribute objects. These form the output of the dataconnector.
- profileContext
- ProfileRequestContext for the current resolution request
- custom 3.2
- contains whatever was provided by the
customObjectRefattribute (see above)
- contains whatever was provided by the
- subjects 3.3
- an array of the java
javax.security.auth.Subjectobjects associated with this authorization. Note that these will only be present if the attribute resolution has been associated with an Authentication (and so this will not work for back channel requests).
- an array of the java
Examples
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<DataConnector id="ScriptedAttributeConnector" xsi:type="ScriptedDataConnector">
<Script><![CDATA[
importPackage(Packages.net.shibboleth.idp.attribute);
importPackage(Packages.java.util);
importPackage(Packages.java.lang);
attr = new IdPAttribute("ScriptedOne");
set = new HashSet(2);
set.add(new StringAttributeValue("Value 1"));
set.add(new StringAttributeValue("Value 2"));
attr.setValues(set);
connectorResults.add(attr);
attr = new IdPAttribute("TwoScripted");
set = new HashSet(3);
set.add(new StringAttributeValue("1Value"));
set.add(new StringAttributeValue("2Value"));
set.add(new StringAttributeValue("3Value"));
attr.setValues(set);
connectorResults.add(attr);
]]></Script>
</DataConnector> |
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<DataConnector id="ScriptedAttributeConnector" xsi:type="ScriptedDataConnector">
<Script><![CDATA[
IdPAttribute = Java.type("net.shibboleth.idp.attribute.IdPAttribute");
StringAttributeValue = Java.type("net.shibboleth.idp.attribute.StringAttributeValue");
HashSet = Java.type("java.util.HashSet");
Integer = Java.type("java.lang.Integer");
attr = new IdPAttribute("ScriptedOne");
set = new HashSet(2);
set.add(new StringAttributeValue("Value 1"));
set.add(new StringAttributeValue("Value 2"));
attr.setValues(set);
connectorResults.add(attr);
attr = new IdPAttribute("TwoScripted");
set = new HashSet(3);
set.add(new StringAttributeValue("1Value"));
set.add(new StringAttributeValue("2Value"));
set.add(new StringAttributeValue("3Value"));
attr.setValues(set);
connectorResults.add(attr);
]]></Script>
</DataConnector> |
Spring Configuration 3.1
The Script Data Connector can be configured using the springResources or springResourcesRef attributes, but this is deprecated since it renders the "custom" object unusable.
A single bean can be specified, being of type EvaluableScript.