The Shibboleth IdP V4 software will leave support on September 1, 2024.


Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Overview

The Simple attribute definition copies input attributes to an output attribute.

Historically this was used to 'expose' attributes sourced from a DataConnector, turning them from internal data into "real" attribute objects. This is no longer required as a DataConnector can "export" its results to produce first-order attribute objects if they require no post-processing.

Remaining use cases for this definition include (not exhaustively):

  • Attaching <AttributeEncoder> plugins (or <Display> and <Description> elements) in the event that you prefer that to relying on the AttributeRegistryConfiguration

  • Combining multiple source attributes into a new attribute containing a union of values

  • Duplicating an existing attribute under a separate ID

  • Conditionally producing an attribute object using an activation condition

  • Pre-resolving an attribute so it can be used within another connector or definition's activation condition. See PreRequestedAttributes.

Configuring this definition typically requires adding at least one <InputAttributeDefinition> or <InputDataConnector> element.

Reference

Example

In this example, the eduPersonEntitlement attribute is produced by merging two sources of entitlements to get the final set of values. If there were only a single source of values, the definition would likely be unneeded.

    <AttributeDefinition xsi:type="ad:Simple" id="eduPersonEntitlement">
        <InputDataConnector ref="myLDAP" attributeNames="eduPersonEntitlement" />
        <InputDataConnector ref="groupDatabase" attributeNames="groupURLs" />
    </AttributeDefinition>

