Page Comparison

Overview

The ComputedId data connector generates an attribute from the (usually SHA-1) digest of the requesting entityID, an attribute value, and a salt that must be kept secret to prevent off-line generation of the hashes to recover the underlying attribute value.

The attribute value is therefore opaque and unique per user, per relying party, suitable for use as a SAML "persistent" NameID or "pairwise-id" Subject Attribute.

Reference

Schema Name and Location

This xsi:type is defined by the urn:mace:shibboleth:2.0:resolver schema ^3.3, located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Prior to V3.3 supplied plugins were defined by a schema type (xsi:type) in the urn:mace:shibboleth:2.0:resolver:dc namespace, the schema for which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-dc.xsd. This is still supported, but every element or type in the  urn:mace:shibboleth:2.0:resolver:dc namespace has an equivalently named (but not necessarily identical) version in the urn:mace:shibboleth:2.0:resolver namespace. The use of the urn:mace:shibboleth:2.0:resolver namespace also allows a relaxation of the ordering requirements of child elements to reduce strictness.\

Reference

Attributes

Any of the common attributes can be specified. In addition the following attributes are supported:

generatedAttributeID

...

Any of the common child elements can be specified.

Examples

TODO: update this example with the new Dependency syntaxThe example produces a hashed value using an input value "Foo" from a DataConnector named "DataSourceForFoo".

<DataConnector id="ComputedIDConnector" xsi:type="ComputedId" 
   
sourceAttributeID="Foo"
	generatedAttributeID="ComputedID"
	salt="abcdefghijklmnopqrstuvwxyz"
	encoding="BASE32">

	<Dependency<InputDataConnector ref="AttributeSourceForFoo"DataSourceForFoo" attributeNames="Foo" />

</DataConnector>