The IdP's Attribute Resolver performs three main tasks: pulling in data from external systems (e.g., LDAP directories and relational databases), creating attributes from the pulled in data, and associating protocol-specific encoders with the created attributes.


...

Note that only attributes processed by an attribute definition are ever released outside the attribute resolver. Anything else is considered information internal to the resolver.

Attribute Encoders & Decoders

Warning

This section is now of historic interest only.

These functions are now performed by the Attribute Registry.

We've mentioned Attribute Encoders a couple of times now. These components, as their name suggests, encode attributes into a protocol-specific representation. As such, they also contain any protocol-specific identification needed for the attribute. For example, a SAML 2 encoder would provide mechanisms for setting the attribute name and format, and would contain the logic necessary to produce the XML structure required by the SAML 2 specification.

...

Parameters to the attribute resolution process are supplied by the AttributeResolutionContext class. In addition, the AttributeResolverWorkContext is used as a work space for the attribute resolution process; this context is entirely private to that process and is only of interest to components such as those derived from one of the Resolver Plugins.

 


Programming Guide to Attribute Resolution

...

  1. Create an AttributeResolutionContext and populate it with appropriate parameters:
    • The canonical Principal name
    • The entityID of the IdP and the SP
    • Optional ID of an authentication flow used
    • Additionally the precise names of the attributes resolved can also be set.
  2. Locate an Attribute Resolver. This would usually be done via a ReloadableSpringService. See ReloadableConfiguration.
  3. Call the resolver. After resolution, the result can be extracted via the getResolvedIdPAttributes() method and will usually be inserted into an AttributeContext.
  4. If using a ReloadableSpringService, do not forget to call unpinComponent.
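
The four steps above as one method, with the unpin in a `finally` block so the component is released even when resolution throws. This is an added example, not code from the Shibboleth project: only `getResolvedIdPAttributes()` and `unpinComponent` are named on this page, so the package names, setter names and the `ResolveExample` class are assumptions based on the IdP V3/V4 Java API and should be checked against the deployed version.

```java
// Added example: names not on the page are assumed from the IdP V3/V4 API.
import java.util.Collection;
import java.util.Map;

import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.resolver.AttributeResolver;
import net.shibboleth.idp.attribute.resolver.ResolutionException;
import net.shibboleth.idp.attribute.resolver.context.AttributeResolutionContext;
import net.shibboleth.utilities.java.support.service.ReloadableService;
import net.shibboleth.utilities.java.support.service.ServiceableComponent;

public final class ResolveExample { // hypothetical class name

    public static Map<String, IdPAttribute> resolve(
            final ReloadableService<AttributeResolver> resolverService,
            final String principal, final String idpEntityId, final String spEntityId,
            final Collection<String> wantedAttributeIds) throws ResolutionException {

        // Step 1: create the context and populate it with the parameters.
        final AttributeResolutionContext ctx = new AttributeResolutionContext();
        ctx.setPrincipal(principal);             // canonical principal name
        ctx.setAttributeIssuerID(idpEntityId);   // entityID of the IdP
        ctx.setAttributeRecipientID(spEntityId); // entityID of the SP
        if (wantedAttributeIds != null) {
            // Optional: restrict resolution to precisely these attributes.
            ctx.setRequestedIdPAttributeNames(wantedAttributeIds);
        }

        ServiceableComponent<AttributeResolver> component = null;
        try {
            // Step 2: pin the current resolver held by the reloadable service.
            component = resolverService.getServiceableComponent();
            if (component == null) {
                // No usable configuration is loaded: fail rather than proceed.
                throw new ResolutionException("No attribute resolver available");
            }
            // Step 3: call the resolver, then extract the result.
            component.getComponent().resolveAttributes(ctx);
            return ctx.getResolvedIdPAttributes();
        } finally {
            // Step 4: always unpin, including on exceptions.
            if (component != null) {
                component.unpinComponent();
            }
        }
    }
}
```

A caller would normally copy the returned attributes into an AttributeContext, as step 3 describes.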

...