Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
...
Localtabgroup | ||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
The script "context" defines the execution environment for the script and provides the following variables:
In addition, each defined dependency of the connector, it exists, will be present via an object which implements ScriptedIdPAttribute. For an AttributeDefinition dependency, that IdPAttribute is supplied. For a DataConnector dependency, each IdPAttribute produced by that connector is supplied. The variable's name will be the attribute ID of the attribute from the dependency. In the event that more than one dependency produces attributes with the same ID, the values of all of those attributes are merged and made available to the script. Note that any changes made to these dependency objects within the script will not be reflected in the result of the resolution process. In contrast, changes made to other objects accessed by means of the other variables in most cases will cause side effects, and should usually be avoided.
Wrapper ClassThe attribute variables (both input and output) available to the scripting environment are exposed using a wrapper class, ScriptedIdPAttribute, which has the following methods:
Adding ValuesValues are added by calling the Thus: Adding a String Attribute Value (Rhino)
Adding a Scoped Attribute Value (Nashorn)
The standard way of locating other context types in the tree of state information is via context navigation. The following example shows how to locate a peer context and a child context (the actual context types shown are examples only): Locating other contexts
The same logging framework used throughout the IdP (SLF4J) may be used for logging within a script. First import the package The string passed to the For more information on configuring logging within the IdP, see the LoggingConfiguration topic. Logging (Rhino)
Logging (Nashorn)
|
...
Get eduPersonPrincipalName
from LDAP or build one from uid
Variant 1: A "Prescoped" AttributeDefinition resolves existing eduPersonPrincipalName
values from LDAP, then depends on a "ScriptedAttribute" definition to generate missing values. The Script also needs a dependency on the myLDAP
DataConnector in order to have access to existing eduPersonPrincipalName
and uid
attribute values.
Minimal scripting, using Dependencies (Nashorn)
...