Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
...
The ScriptedAttribute AttributeDefinition constructs an output attribute via the execution of a JSR-223 script. Scripts are somewhat easier to write and maintain than native Java code, though they are slower. They can also be changed dynamically since the attribute resolver is a ReloadableService.
...
| Expand |
|---|
| title | Specific XML Attributes |
|---|
|
Name | Type | Default | Description |
|---|
language | string | JavaScript | The default is ECMA script using either the Rhino (Java 7) or Nashorn (Java 8+) engines.This situation is in flux due to the removal of Nashorn from future Java versions, and there are plans to provide a V4.1+ plugin that supplies one of these options in the future at the deployer's discretiona supplied scriping engine. Plugins are available since Java no longer includes such an implementation. | customObjectRef | string | | The name of a Spring Bean defined elsewhere. This bean will be made available to the script in a variable named "custom". |
|
...
| Expand |
|---|
| title | Common XML Attributes |
|---|
|
| Include Page |
|---|
| IDP4:AttributeDefinitionCommonAttributesIDP4: |
|---|
| AttributeDefinitionCommonAttributes |
|---|
|
|
| Expand |
|---|
|
| Include Page |
|---|
| IDP4:AttributeDefinitionCommonChildElementsIDP4: |
|---|
| AttributeDefinitionCommonChildElements |
|---|
|
|
...
Get eduPersonPrincipalName from LDAP or build one from uid
Variant 1: A "Prescoped" AttributeDefinition resolves existing eduPersonPrincipalName values from LDAP, then depends on a "ScriptedAttribute" definition to generate missing values. The Script also needs a dependency on the myLDAP DataConnector in order to have access to existing eduPersonPrincipalName and uid attribute values.
Minimal scripting, using Dependencies (Nashorn)
...