Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
| Table of Contents |
|---|
Overview
The ScriptedDataConnector data connector allows the creation of multiple IdPAttribute objects via a JSR-223 script. Scripts are somewhat easier to write and maintain than native Java code, though they are slower. They can also be changed dynamically since the resolver is a ReloadableService.
...
The script "context" defines the execution environment for the script and provides the following variables:
resolutionContext
AttributeResolutionContext for the current resolution step, which exists within the tree of state information that tracks the current request
connectorResults
List which the connector populates with IdPAttribute objects and which form the output of the connector
profileContext
ProfileRequestContext for the current resolution request, the "root" of the tree of state information
custom
Contains whatever bean was referenced by the
customObjectRefXML Attribute
subjects
Array of Subject objects associated with this request. Note that these will only be present if the attribute resolution is associated with a completed authentication step (so is not present for back channel requests or certain other cases).
In addition, each defined dependency of the connector, it exists, will be present via an object which implements ScriptedIdPAttribute.
...
Note that any changes made to these dependency objects within the script will not be reflected in the result of the resolution process. In contrast, changes made to other objects accessed by means of the other variables in most cases will cause side effects, and should usually be avoided.
Reference
| Localtabgroup | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
The following XML Elements are specific to this connector, and one of them must be supplied:
|
Examples
...
...
Nashorn Scripted Data Connector
| Code Block | ||
|---|---|---|
| ||
<DataConnector id="ScriptedAttributeConnector" xsi:type="ScriptedDataConnector">
<Script><![CDATA[
IdPAttribute = Java.type("net.shibboleth.idp.attribute.IdPAttribute");
StringAttributeValue = Java.type("net.shibboleth.idp.attribute.StringAttributeValue");
HashSet = Java.type("java.util.HashSet");
Integer = Java.type("java.lang.Integer");
attr = new IdPAttribute("ScriptedOne");
set = new HashSet(2);
set.add(new StringAttributeValue("Value 1"));
set.add(new StringAttributeValue("Value 2"));
attr.setValues(set);
connectorResults.add(attr);
attr = new IdPAttribute("TwoScripted");
set = new HashSet(3);
set.add(new StringAttributeValue("1Value"));
set.add(new StringAttributeValue("2Value"));
set.add(new StringAttributeValue("3Value"));
attr.setValues(set);
connectorResults.add(attr);
]]></Script>
</DataConnector> |
This Rhino example is a hold over from older versions but may be useful in the future once it becomes a supported option again.
...
...
Rhino Scripted Data Connector
| Code Block | ||
|---|---|---|
| ||
<DataConnector id="ScriptedAttributeConnector" xsi:type="ScriptedDataConnector">
<Script><![CDATA[
importPackage(Packages.net.shibboleth.idp.attribute);
importPackage(Packages.java.util);
importPackage(Packages.java.lang);
attr = new IdPAttribute("ScriptedOne");
set = new HashSet(2);
set.add(new StringAttributeValue("Value 1"));
set.add(new StringAttributeValue("Value 2"));
attr.setValues(set);
connectorResults.add(attr);
attr = new IdPAttribute("TwoScripted");
set = new HashSet(3);
set.add(new StringAttributeValue("1Value"));
set.add(new StringAttributeValue("2Value"));
set.add(new StringAttributeValue("3Value"));
attr.setValues(set);
connectorResults.add(attr);
]]></Script>
</DataConnector> |
...