Template Attribute Definition
A template attribute definition uses the Velocity Template Language to construct values from its dependencies.
1. Define the Definition
The definition is defined with the element <resolver:AttributeDefinition xsi:type="Template" xmlns="urn:mace:shibboleth:2.0:resolver:ad"> with the following required attribute:
- id - assigns a unique, within the resolver, identifier that may be used to reference this definition
and the following optional attributes:
- dependencyOnly - a boolean flag that indicates the attribute produced by this definition is used only by other resolver components and should not be released from the resolver (default value: false)
    <resolver:AttributeDefinition xsi:type="Template" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  id="UNIQUE_ID">

        <!-- Remaining configuration from the next step goes here -->

    </resolver:AttributeDefinition>
2. Define Dependencies
It is very common for one component within the attribute resolver, such as an attribute definition, to depend on information retrieved or constructed by another component.
Dependencies are expressed by the <resolver:Dependency> element with a ref attribute whose value is the unique ID of the attribute definition or the data connector that this definition depends on.
    <resolver:AttributeDefinition xsi:type="Template" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  id="UNIQUE_ID">

        <resolver:Dependency ref="DEFINITION_ID_1" />
        <resolver:Dependency ref="DEFINITION_ID_2" />
        <resolver:Dependency ref="CONNECTOR_ID_3" />
        <resolver:Dependency ref="CONNECTOR_ID_4" />

        <!-- Remaining configuration from the next step goes here -->

    </resolver:AttributeDefinition>
3. Define Template and Source Attributes
Template attribute definitions require one or more <SourceAttribute> elements to define which attributes from the definition's dependencies will be made available to the template engine. The template is defined using a single <Template> element. If no template is defined, a default template is used which combines all source attributes into a space-delimited list.
The following example demonstrates constructing eduCourseOffering attributes by combining three different attributes obtained from the definition's dependencies.
    <resolver:AttributeDefinition xsi:type="Template" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  id="eduCourseOffering">

        <resolver:Dependency ref="myDatabase" />

        <Template>
            <![CDATA[
                http://example.edu/courses/${academic_term}/${course_id}/${course_section}
            ]]>
        </Template>

        <SourceAttribute>academic_term</SourceAttribute>
        <SourceAttribute>course_id</SourceAttribute>
        <SourceAttribute>course_section</SourceAttribute>

    </resolver:AttributeDefinition>
4. Define an encoding method
For the attribute to be passed on, an encoding needs to be defined that wraps the attribute defined in the template. Note that the encoding declaration cannot simply re-use the id used in the attribute definition. As an example, we could construct an email address from the LDAP uid (when the email address is not in the LDAP directory):
    <resolver:AttributeDefinition xsi:type="Template" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  id="mailtemp">

        <resolver:Dependency ref="myLDAP" />

        <Template>
            <![CDATA[
                ${uid}@podunk.edu
            ]]>
        </Template>

        <SourceAttribute>uid</SourceAttribute>

    </resolver:AttributeDefinition>

    <resolver:AttributeDefinition id="mail" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                  sourceAttributeID="mailtemp">

        <resolver:Dependency ref="mailtemp" />

        <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   name="urn:mace:dir:attribute-def:mail" />

        <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   name="urn:oid:0.9.2342.19200300.100.1.3"
                                   friendlyName="mail" />

    </resolver:AttributeDefinition>
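A lint for two mistakes the steps above make easy, added here as an example and not part of the Shibboleth documentation or code: it flags template references with no matching <SourceAttribute> (Velocity by default renders an unresolved reference as literal text, so "${uid}@podunk.edu" could be released verbatim) and <resolver:Dependency> refs that match no id in the file. The function name, the sample resolver file and the misspelled ref "myDatabse" are constructed for illustration; only simple $name / ${name} references are recognised.

```python
import re
import xml.etree.ElementTree as ET

RESOLVER = "{urn:mace:shibboleth:2.0:resolver}"
AD = "{urn:mace:shibboleth:2.0:resolver:ad}"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
REF = re.compile(r"\$!?\{?([A-Za-z][A-Za-z0-9_-]*)")  # $name, ${name}, $!{name}

# Constructed sample: "mailtemp" is correct, "eduCourseOffering" has two mistakes.
SAMPLE = """\
<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <resolver:DataConnector id="myLDAP" xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc" />
  <resolver:AttributeDefinition xsi:type="Template"
      xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="mailtemp">
    <resolver:Dependency ref="myLDAP" />
    <Template><![CDATA[${uid}@podunk.edu]]></Template>
    <SourceAttribute>uid</SourceAttribute>
  </resolver:AttributeDefinition>
  <resolver:AttributeDefinition xsi:type="Template"
      xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="eduCourseOffering">
    <resolver:Dependency ref="myDatabse" />
    <Template><![CDATA[http://example.edu/courses/${academic_term}/${course_id}/${course_section}]]></Template>
    <SourceAttribute>academic_term</SourceAttribute>
    <SourceAttribute>course_id</SourceAttribute>
  </resolver:AttributeDefinition>
</resolver:AttributeResolver>
"""

def lint_templates(xml_text):
    """Return (definition id, problem) pairs for Template attribute definitions."""
    root = ET.fromstring(xml_text)
    # Every id in the file: attribute definitions and data connectors alike.
    known_ids = {el.get("id") for el in root.iter() if el.get("id")}
    findings = []
    for ad in root.iter(RESOLVER + "AttributeDefinition"):
        if ad.get(XSI_TYPE, "").split(":")[-1] != "Template":
            continue  # only Template definitions carry <Template>/<SourceAttribute>
        declared = {s.text.strip() for s in ad.findall(AD + "SourceAttribute") if s.text}
        used = set(REF.findall(ad.findtext(AD + "Template") or ""))
        for name in sorted(used - declared):
            findings.append((ad.get("id"), "template uses undeclared ${%s}" % name))
        for dep in ad.findall(RESOLVER + "Dependency"):
            if dep.get("ref") not in known_ids:
                findings.append((ad.get("id"), "dependency ref %r matches no id" % dep.get("ref")))
    return findings

if __name__ == "__main__":
    print("\n".join("%s: %s" % f for f in lint_templates(SAMPLE)))
```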