Note |
---|
Using this plugin requires that the plugins.so extension library be loaded via the |
Overview
Identified by type="GSSAPI", this AttributeExtractor implements an XML-based rule syntax for designating GSS-API naming extensions to decode into internal attributes.
...
This extractor's configuration is implemented as a reloadable XML resource, which means that the XML content can be supplied inline, in a local file, or a remote file, and can be monitored for changes and reloaded on the fly (but see the warning below). The root of the XML in any of those cases MUST be an <am:Attributes> element, either as a child element in an existing file or the root of a different file.
...
It supports all of the attributes common to all reloadable configuration resources:
Child Elements
The following child element must be provided, either inline, or as the root element of a local or remote XML resource to load from, which would be specified via the attribute(s) above.
Name | Cardinality | Description |
---|---|---|
<am:Attributes> | 1 | Root element of configuration |
When a non-inline configuration is used, it supports the following child elements common to all reloadable configuration resources.
<am:Attributes> Element Reference
...
The following child element content is supported:
Name | Cardinality | Description |
---|---|---|
<am:GSSAPIAttribute> | 1 or more | An extraction rule |
<am:GSSAPIAttribute> Element Reference
Each <am:GSSAPIAttribute> element describes an extraction rule, the core of this plugin's behavior.
...
An extraction rule supports the following XML attributes:
Name | Type | Req? | Default | Description |
---|---|---|---|---|
id | string | Y | | Name of the attribute to create |
name | string | Y | | GSS-API naming extension attribute to extract from |
authenticated | boolean | | true | If true, only authenticated GSS-API naming attributes are processed |
scopeDelimeter | character | | | If set, all values of the naming attribute must contain the character, and it is used to split the value into a two-part construct expressed as a scoped attribute |
binary | boolean | | false | If set, this overrides the |
Examples
A typical non-inline configuration of this plugin is:
...
Specifying a GSSAPI Extractor in another file
```xml
<AttributeExtractor type="GSSAPI" reloadChanges="false" path="gss-api.xml"/>
```
A simple example configuration:
```xml
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
    <GSSAPIAttribute name="urn:ietf:params:gss-eap:radius-avp urn:x-radius:1" id="radius-1"/>
</Attributes>
```
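A pre-deployment check for a map such as gss-api.xml, as an added example that is not part of the Shibboleth documentation or code: it reports rules that break the attribute table above (missing `id` or `name`, a non-boolean `authenticated`, a `scopeDelimeter` longer than one character) and warns where `authenticated="false"` lifts the authenticated-only restriction. The function name, severity labels, and the two `urn:example:` rules are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:mace:shibboleth:2.0:attribute-map"  # namespace used in the page's example
XS_TRUE, XS_FALSE = {"true", "1"}, {"false", "0"}  # xs:boolean lexical forms

def audit_gssapi_map(xml_text):
    """Return (severity, rule id, message) findings for a GSSAPI attribute map."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS}}}Attributes":
        return [("error", None, "root element must be Attributes in " + NS)]
    findings = []
    rules = root.findall(f"{{{NS}}}GSSAPIAttribute")
    if not rules:
        findings.append(("error", None, "at least one GSSAPIAttribute rule is required"))
    for rule in rules:
        rid = rule.get("id")
        for required in ("id", "name"):
            if not rule.get(required):
                findings.append(("error", rid, f"missing required attribute '{required}'"))
        auth = rule.get("authenticated", "true").strip()  # documented default is true
        if auth in XS_FALSE:
            findings.append(("warn", rid,
                             "authenticated=false: rule is not limited to authenticated naming attributes"))
        elif auth not in XS_TRUE:
            findings.append(("error", rid, f"authenticated is not a boolean: {auth!r}"))
        delim = rule.get("scopeDelimeter")  # spelled as in the attribute table
        if delim is not None and len(delim) != 1:
            findings.append(("error", rid, "scopeDelimeter must be a single character"))
    return findings

# Constructed sample: first rule is the page's example, the other two are invented.
SAMPLE = """\
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <GSSAPIAttribute name="urn:ietf:params:gss-eap:radius-avp urn:x-radius:1" id="radius-1"/>
  <GSSAPIAttribute name="urn:example:constructed:affiliation" id="affiliation"
                   authenticated="false" scopeDelimeter="@@"/>
  <GSSAPIAttribute name="urn:example:constructed:no-id"/>
</Attributes>
"""

if __name__ == "__main__":
    for severity, rule_id, message in audit_gssapi_map(SAMPLE):
        print(f"{severity:5} {rule_id or '-':12} {message}")
```

Running it in CI against the file named in `path` catches a rule that silently accepts unauthenticated naming attributes before the SP loads it.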
...