Note |
---|
This feature is available with V3.4 of the software. |
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<DataConnector id="myHTTP" xsi:type="HTTP" httpClientRef="WebServiceHttpClient" httpClientSecurityParametersRef="ExampleOrgWSSecurity"> <URLTemplate> <![CDATA[ https://webservice.example.org/api/subject/$pathEscaper.escape($requestContext$resolutionContext.principal)/groups ]]> </URLTemplate> <ResponseMapping> <Script> <![CDATA[ var HashSet = Java.type("java.util.HashSet"); var HttpClientSupport = Java.type("net.shibboleth.utilities.java.support.httpclient.HttpClientSupport"); var IdPAttribute = Java.type("net.shibboleth.idp.attribute.IdPAttribute"); var StringAttributeValue = Java.type("net.shibboleth.idp.attribute.StringAttributeValue"); // Limits length to 64k var body = HttpClientSupport.toString(response.getEntity(), "UTF-8", 65536); var result = JSON.parse(body); var attr = new IdPAttribute("group"); var values = new HashSet(); if (result.groups != null) { for (var i=0; i<result.groups.length; i++) { values.add(new StringAttributeValue(result.groups[i].name)); } } attr.setValues(values); connectorResults.add(attr); ]]> </Script> </ResponseMapping> <ResultCache expireAfterWrite="PT5M"/> </DataConnector> |
...
Name | Type | Default | Description |
---|---|---|---|
httpClientRef | Bean ID | Bean ID of the HttpClient instance to use | |
httpClientSecurityParametersRef | Bean ID | Bean ID of the HttpClientSecurityParameters instance to use, ignored if one of the security shortcut settings are used | |
serverCertificate | Resource path | Path of resource containing a server certificate whose public key must match the server's. If set, httpClientSecurityParametersRef is ignored. | |
certificateAuthority | Resource path | Path of resource containing a certificate authority used to validate the server's certificate. If set, httpClientSecurityParametersRef is ignored. | |
clientPrivateKey | Resource path | Path of resource containing a private key used to authenticate the client to the server via TLS. If set, httpClientSecurityParametersRef is ignored. | |
clientCertificate | Resource path | Path of resource containing a certificate used to authenticate the client to the server via TLS. If set, httpClientSecurityParametersRef is ignored. | |
maxLength | Long | 0 | Limits size of response body to accept, or 0 for no limit. When used, only non-chunked responses that include a content length will be accepted. |
acceptStatuses | Collection<Integer> | 200 | Acceptable HTTP status codes |
acceptTypes | Collection<String> | Acceptable MIME content types | |
headerMapRef | Map<String,String> | Bean ID of a map of custom header names and values to set in the HTTP request | |
| Bean ID | Bean ID of a HTTPResponseMappingStrategy to process the result set in a pluggable way | |
validatorRef | Bean ID | Bean ID of a Validator to control what constitutes an initialization failure (the default does no validation) | |
executableSearchBuilderRef | Bean ID | Bean ID of an ExecutableSearchBuilder<HTTPSearch> to produce the request to execute | |
| Bean ID | Bean ID of a org.apache.velocity.app.VelocityEngine to use for processing the URL template, generally unnecessary |
...
Name | Cardinality | Description |
---|---|---|
0 or 1 | Template of a URL to execute via HTTP GET or POST | |
<BodyTemplate> | 0 or 1 | Template for a request body to submit via HTTP POST, requires use of <URLTemplate> |
<CacheKeyTemplate> | 0 or 1 | Template to produce a cache key to associate with the result of an HTTP POST, requires use of <BodyTemplate> |
<ResponseMapping> | 0 or 1 | Inline or external script to execute to process the response body |
0 or 1 | Defines how results should be cached. | |
| Bean ID (in the element content) defining how results should be cached as an externally defined com.google.common.cache.Cache<String,Map<String,IdPAttribute>> |
Externally (Spring) Defined Content
...
In practice, the HTTP Data Connector may be supplied with beans of the following types:
- ExecutableSearchBuilder<HTTPSearch>
- com.google.common.cache.Cache<String,Map<String,IdPAttribute>>
- Validator
- HTTPResponseMappingStrategy
In addition native bean IDs can be injected as follows:
- The HttpClient instance and its security settings are injected via the
httpClientRef
andhttpClientSecurityParametersRef
attributes. - The builder for the request can be specified as an externally defined bean via the
executableSearchBuilderRef
attribute (as a replacement for the<URLTemplate>
element and related elements). This allows for complete generality of the request-building process. - The processing of the response can be specified with an externally defined bean via the
mappingStrategyRef
attribute (as a replacement for the<ResponseMapping>
element). - The caching of results can be specified as an externally defined bean via the
<ResultCacheBean>
element (as a replacement for the<ResultCache>
element). - Rarely, a non-default Velocity engine can be injected via the
templateEngine
attribute.