The ScriptedAttribute attribute definition constructs an output attribute via the execution of a JSR-223 script.
...
In particular, the beans named "shibboleth.HttpServletRequest" and "shibboleth.HttpServletResponse" allow access to the HTTP information associated with the request and response.
V2 Compatibility
| Note |
|---|
V2 Compatibility is deprecated. |
In order to support the majority of scripts written for V2, the runtime environment is extended in two ways:
...
Of course, for new scripts created for V3 alone, this isn't necessary.
Examples
Get eduPersonPrincipalName from LDAP or build one from uid
Variant 1: A "Prescoped" AttributeDefinition resolves existing eduPersonPrincipalName values from LDAP, plus it depends on the "ScriptedAttribute" one to generate missing values. The Script also needs a Dependency on the myLDAP DataConnector in order to have access to existing eduPersonPrincipalName and uid attribute values.
(Note that this variant will generate WARN-level entries in idp-process.log, due to the use of 2 Dependency elements while the specified sourceAttributeID only exists in one of them. That's a known issue with the resolver schema. To avoid the warning from getting logged you can add an entry to your logback.xml for the appropriate class ("net.shibboleth.idp.attribute.resolver.PluginDependencySupport"), setting the level to ERROR.)
...