The <QueryTemplate>
element provides the template from which the LDAP search filter will be built.
Schema Name and Location
This element is defined by the urn:mace:shibboleth:2.0:resolver
schema, which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd.
Typically the XML "CDATA" construct is used to wrap the text because it avoids the need for special escaping of most characters.
Examples
<FilterTemplate> <![CDATA[ (uid=$resolutionContext.principal) ]]> </FilterTemplate>
<FilterTemplate> <![CDATA[ (uid=$employeeNumber.get(0)) ]]> </FilterTemplate>
Attributes
No attributes are defined.
Child Elements
No child elements are defined.
Template Context
As described below, several variables are available to the template context. In practice $resolutionContext.Principal
and $attributeName
will be useful.
Name | When Valid | Description |
---|---|---|
| always | The AttributeResolutionContext. Useful members include $resolutionContext. , $resolutionContext. and $resolutionContext.principalAuthenticationMethod |
| The springResource attribute is not defined on the containing LDAPConnector | The legacy V2SAMLProfileRequestContext, provided for compatibility with most legacy query templates |
| Whenever the enclosing element has a <Dependency> | For each IdPAttribute available from all the provided dependencies, the attributes' values are available via the attribute's name. If the attribute only has a single value and you do not want the array characters '[' and ']' as part of your filter you can use AttributeName.get(0) to get that value. |