Versions Compared

Old Version 16

changes.mady.by.user Rod Widdowson

Saved on

compared with

New Version Current

changes.mady.by.user Rod Widdowson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

  • dependencyOnly - a boolean flag that indicates the attribute produced by this definition is used only by other resolver components and should not be released from the resolver (default value: false)
  • sourceAttributeID - the ID of the attribute, from the dependency connectors, used to construct this attribute (default value: ID of this attribute)
Code Block
xml
xml
titleBasic Simple Attribute Definitionxml
<resolver:AttributeDefinition xsi:type="Mapped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              id="UNIQUE_ID">

     <!-- Remaining configuration from the next step go here -->

</resolver:AttributeDefinition>

...

Dependencies are expressed by the <resolver:Dependency> with a ref attribute whose value is the unique ID of the attribute definition or the data connector that this connector depends on.

Code Block
xml
xml
titleBasic Mapped Attribute Definition with Dependenciesxml
<resolver:AttributeDefinition xsi:type="Mapped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              id="UNIQUE_ID">


     <resolver:Dependency ref="DEFINITION_ID_1" />
     <resolver:Dependency ref="DEFINITION_ID_2" />
     <resolver:Dependency ref="CONNECTOR_ID_3" />
     <resolver:Dependency ref="CONNECTOR_ID_4" />

     <!-- Remaining configuration from the next step go here -->

</resolver:AttributeDefinition>

...

The mapped attribute definition can contain one or more value maps which define the actual mapping to perform. Each <ValueMap> defines a many-to-one mapping of source values to a return value. Many-to-many mappings can be achieved by using multiple maps. Each <ValueMap> contains a single <ReturnValue> and one or more <SourceValue> elements. The source value strings are regular expressions that are matched against source attributes. If the source attribute matches, it is mapped to the return value. <ReturnValue> may contain regular expression back references to capturing groups in the source value.

Code Block
xml
xml
titleBasic Mapped Attribute Definition with a Value Mapxml
<resolver:AttributeDefinition xsi:type="Mapped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              id="UNIQUE_ID">

     <!-- Dependency and Failover information would go here -->
     
     <!-- DefaultValue configuration from the next step go here -->

     <ValueMap>
         <ReturnValue>RETURN_VALUE</ReturnValue>
         <SourceValue>SOURCE_VALUE_1</SourceValue>
         <SourceValue>SOURCE_VALUE_2</SourceValue>
         <SourceValue>SOURCE_VALUE_3</SourceValue>
     </ValueMap>

</resolver:AttributeDefinition>

...

Imagine the simple scenario in which you have a data store that contains an attribute myEduAffiliation. This attribute is populated with internal affiliation values for students and instructors, but you would like to map them to the controlled vocabulary used by eduPersonAffiliation. You might have a mapped attribute definition that looks something like this.

Code Block
xml
xml
titleExample Mapped Attribute Definition using mapsxml
<resolver:AttributeDefinition xsi:type="Mapped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              id="UNIQUE_ID"
                              sourceAttributeID="myEduAffiliation">

     <resolver:Dependency ref="myLDAP" />

     <!-- default to the generic value 'affiliate' -->
     <DefaultValue>affiliate</DefaultValue>

     <!-- map internal values like 'student-worker' and 'undergraduate' to 'student' -->
     <ValueMap>
         <ReturnValue>student</ReturnValue>
         <SourceValue>student-.+</SourceValue>
         <SourceValue>undergraduate</SourceValue>
     </ValueMap>

     <!-- map your internal 'instructor' value to 'faculty' -->
     <ValueMap>
         <ReturnValue>faculty</ReturnValue>
         <SourceValue>instructor</SourceValue>
     </ValueMap>

     <!-- students and instructors are also 'members' -->
     <ValueMap>
         <ReturnValue>member</ReturnValue>
         <SourceValue>student-.+</SourceValue>
         <SourceValue>undergraduate</SourceValue>
         <SourceValue>instructor</SourceValue>
     </ValueMap>

</resolver:AttributeDefinition>

You can also leverage the regular expression power of the mapped attribute definition without using the mapping functionality by simply defining only a single source value. For example, imagine you have a name attribute legalName that is of the form "Last, First". However, you'd like to release that attribute as displayName of the form "First Last".

Code Block
xml
xml
titleExample Mapped Attribute Definition using regexxml
<resolver:AttributeDefinition xsi:type="Mapped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              id="UNIQUE_ID"
                              sourceAttributeID="legalName">

     <resolver:Dependency ref="myLDAP" />

     <!-- if the name is not in the expected format, just return it as-is -->
     <DefaultValue passThru="true" />

     <!-- convert 'LastName, FirstName' to 'FirstName LastName' -->
     <ValueMap>
         <ReturnValue>$2 $1</ReturnValue>
         <SourceValue>(.+), (.+)</SourceValue>
     </ValueMap>

</resolver:AttributeDefinition>