Versions Compared

Old Version 1

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version Current

changes.mady.by.user Clay Cooper

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The ScriptedDataConnector data connector allows the creation of multiple IdPAttribute objects via a JSR-223 script. Scripts are somewhat easier to write and maintain than native Java code, though they are slower. They can also be changed dynamically since the resolver is a ReloadableService.

Script Context

The script "context" defines the execution environment for the script and provides the following variables:

  • resolutionContext

    • AttributeResolutionContext for the current resolution step, which exists within the tree of state information that tracks the current request

  • connectorResults

    • List which the connector populates with IdPAttribute objects and which form the output of the connector

  • profileContext

  • custom

    • Contains whatever bean was referenced by the customObjectRef XML Attribute

  • subjects

    • Array of Subject objects associated with this request. Note that these will only be present if the attribute resolution is associated with a completed authentication step (so is not present for back channel requests or certain other cases).

In addition, each defined dependency of the connector, it exists, will be present via an object which implements ScriptedIdPAttribute.

For an AttributeDefinition dependency, that IdPAttribute is supplied. For a DataConnector dependency, each IdPAttribute produced by that connector is supplied.

...

Expand
titleSpecific XML Attributes

Name

Type

Default

Description

language

string

JavaScript

Defines the JSR-223 language to use. The default is ECMA script using either the Rhino (Java 7) or Nashorn (Java 8+) engines.This situation is in flux due to the removal of Nashorn from future Java versions, and plugins are available for V4.1+ whatever scripting implementation is supplied. Plugins are available for that supply one of these options at the deployer's discretion, as Java no longer includes a Javascript implementation.

customObjectRef

string


The name of a Spring Bean defined elsewhere. This bean will be made available to the script with the name "custom".

...

Code Block
languagexml
<DataConnector id="ScriptedAttributeConnector" xsi:type="ScriptedDataConnector">
	<Script><![CDATA[
IdPAttribute = Java.type("net.shibboleth.idp.attribute.IdPAttribute");
StringAttributeValue = Java.type("net.shibboleth.idp.attribute.StringAttributeValue");
HashSetArrayList = Java.type("java.util.HashSetArrayList");
Integer
=
Java.type("java.lang.Integer");

attr = new IdPAttribute("ScriptedOne");
set = new HashSetArrayList(2);
set.add(new StringAttributeValue("Value 1"));
set.add(new StringAttributeValue("Value 2"));
attr.setValues(set);
connectorResults.add(attr);

attr = new IdPAttribute("TwoScripted");
set = new HashSetArrayList(3);
set.add(new StringAttributeValue("1Value"));
set.add(new StringAttributeValue("2Value"));
set.add(new StringAttributeValue("3Value"));
attr.setValues(set);
connectorResults.add(attr);
	]]></Script>
</DataConnector>

...

Code Block
languagexml
<DataConnector id="ScriptedAttributeConnector" xsi:type="ScriptedDataConnector">
	<Script><![CDATA[
importPackage(Packages.net.shibboleth.idp.attribute);
importPackage(Packages.java.util);
importPackage(Packages.java.lang);

attr = new IdPAttribute("ScriptedOne");
set = new HashSetArrayList(2);
set.add(new StringAttributeValue("Value 1"));
set.add(new StringAttributeValue("Value 2"));
attr.setValues(set);
connectorResults.add(attr);
attr = new IdPAttribute("TwoScripted");
set = new HashSetArrayList(3);
set.add(new StringAttributeValue("1Value"));
set.add(new StringAttributeValue("2Value"));
set.add(new StringAttributeValue("3Value"));
attr.setValues(set);
connectorResults.add(attr);
	]]></Script>
</DataConnector>

...