Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
The PairwiseId data connector is primarily an extension point to allow production of values from a Spring-defined bean that implements the PairwiseIdStore interface.
This is an extension point for those wishing to substitute alternate implementations of the features normally supplied by the StoredIdConnector or ComputedIdConnector, which rely on the built-in implementations of the interface.
Configuration Reference
Attributes
Any of the common attributes can be specified.
Name | Type | Default | Description |
|---|---|---|---|
id | String | Identifier for the DataConnector. This is used for logging, to establish dependencies, and as a target for failover. | |
Bean ID | Bean ID of a condition to decide whether to resolve this connector, see here. | ||
relyingParties | Space-delimited list | List of entity IDs for which this connector should be resolved. | |
excludeRelyingParties 4.1 | Space-delimited list | List of entity IDs for which this connector should not be resolved. | |
resolutionPhases 4.1 | Space-delimited list | List of resolution phases (i.e. flows) during which this connector should be resolved. | |
excludeResolutionPhases 4.1 | Space-delimited list | List of resolution phases (i.e. flows) during which this connector should not be resolved. | |
exportAttributes | Space-delimited list | List of attributes produced by the DataConnector that should be directly exported as resolved IdPAttributes without requiring actual AttributeDefinitions. In the case of a name clash (a DataConnector exports an attribute with the same name as an AttributeDefinition, or another DataConnector exports the same attribute) the DataConnector attribute is NOT added and a warning issued. | |
noRetryDelay | Duration | 0 | Time between retries of a failed DataConnector (during the interval, failure is just assumed when the connector is run and no actual connection is attempted) |
propagateResolutionExceptions | Boolean | true | Whether connector/plugin failure is fatal to the entire attribute resolution process |
The following table contains advanced settings rarely used in common practice.
These are all DEPRECATED in 4.3
Name | Type | Description |
|---|---|---|
springResources | String | DEPRECATED in 4.3 A series of ';' separated resource names which contain Spring definitions for this connector. Not valid for ComputedId and Stored DataConnector. |
springResourcesRef | Bean ID | DEPRECATED in 4.3 Bean ID of a List<Resource> which contain Spring definitions for this connector. See below. |
factoryPostProcessorsRef | Bean ID | DEPRECATED in 4.3 Bean ID of a List<BeanFactoryPostProcessor> for use when parsing the resources specified by |
postProcessorsRef | Bean ID | DEPRECATED in 4.3 Bean ID of a List<BeanPostProcessor> for use when parsing the resources specified by |
profileContextStrategyRef | Bean ID | DEPRECATED in 4.3 Bean ID of a function injected to override the normal lookup process for the request's ProfileRequestContext |
In addition the following attributes are supported:
| Name | Type | Req? | Default | Description |
|---|---|---|---|---|
generatedAttributeID | string | ID of the connector | The id of the IdPAttribute that is generated | |
| pairwiseIdStoreRef | Bean ID | Y | Name of Spring bean implementing the PairwiseId interface |
Child Elements
Any of the common child elements can be specified.
Name | Cardinality | Description |
|---|---|---|
<InputAttributeDefinition> | 0 or more | This element identifies an attribute definition which is an input to this data connector |
<InputDataConnector> | 0 or more | This element identifies a data connector whose attributes are to be input to this data conector |
<FailoverDataConnector> | 0 or 1 | This element has a single attribute ref="whatever" whose content is the identifier of a data connector to resolve if this data connector fails (for instance due to the external data source being unavailable) |