The ScriptedAttribute attribute definition constructs an output attribute via the execution of a JSR-223 script.
...
In particular, the beans named "shibboleth.HttpServletRequest" and "shibboleth.HttpServletResponse" allow access to the HTTP information associated with the request and response.
V2 Compatibility
Note: V2 Compatibility is deprecated.
In order to support the majority of scripts written for V2, the runtime environment is extended in two ways:
...
Of course, for new scripts created for V3 alone, this isn't necessary.
Examples
Get eduPersonPrincipalName from LDAP or build one from uid
Variant 1: A "Prescoped" AttributeDefinition resolves existing eduPersonPrincipalName values from LDAP, and depends on the "ScriptedAttribute" one to generate missing values. The script also needs a Dependency on the myLDAP DataConnector in order to have access to existing eduPersonPrincipalName and uid attribute values.
(Note that this variant will generate WARN-level entries in idp-process.log, due to the use of two Dependency elements while the specified sourceAttributeID only exists in one of them. That's a known issue with the resolver schema. To keep the warning from being logged, you can add an entry to your logback.xml for the appropriate class ("net.shibboleth.idp.attribute.resolver.PluginDependencySupport"), setting the level to ERROR.)
...