The Shibboleth IdP V4 software will leave support on September 1, 2024.

Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Overview

The Static data connector allows the generation of one or more fixed IdPAttribute objects from a statically-defined configuration.

It's particularly useful for defining "can't fail" backstops as a <FailoverDataConnector> for something more likely to break. While most connectors support various knobs to control error handling, it's quite difficult and sometimes impossible to absolutely guarantee that a weird problem doesn't ripple out and break the rest of the process, and this makes that essentially bulletproof.

It's also occasionally useful for passing statically-defined data to recalcitrant vendors operating badly broken SPs.

Reference

Specific XML Elements

| Name | Cardinality | Description |
| --- | --- | --- |
| <Attribute> | 1 or more | Each element defines an IdPAttribute to generate. Note that this is not the same as a <saml:Attribute> element found in other areas of the configuration, but a custom element specific to the resolver. Each element MUST contain an XML Attribute named id that specifies the name of the IdPAttribute to generate. It MUST also contain one or more nested <Value> elements. The text content of the <Value> elements provides the string values of the attribute being generated. |

Common XML Attributes

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| id | String | | Identifier for the DataConnector. This is used for logging, to establish dependencies, and as a target for failover. |
| activationConditionRef | Bean ID | | Bean ID of a condition to decide whether to resolve this connector. Mutually exclusive with relyingParties and resolutionPhases and variants. |
| relyingParties | Space-delimited list | | List of entity IDs for which this connector should be resolved. Mutually exclusive with activationConditionRef. |
| excludeRelyingParties (4.1) | Space-delimited list | | List of entity IDs for which this connector should not be resolved. Mutually exclusive with activationConditionRef. |
| resolutionPhases (4.1) | Space-delimited list | | List of resolution phases (i.e. flows) during which this connector should be resolved. Mutually exclusive with activationConditionRef. |
| excludeResolutionPhases (4.1) | Space-delimited list | | List of resolution phases (i.e. flows) during which this connector should not be resolved. Mutually exclusive with activationConditionRef. |
| exportAttributes | Space-delimited list | | List of attributes produced by the DataConnector that should be directly exported as resolved IdPAttributes without requiring actual AttributeDefinitions. In the case of a name clash (a DataConnector exports an attribute with the same name as an AttributeDefinition, or another DataConnector exports the same attribute) the DataConnector attribute is NOT added and a warning issued. |
| noRetryDelay | Duration | 0 | Time between retries of a failed DataConnector (during the interval, failure is just assumed when the connector is run and no actual connection is attempted). |
| propagateResolutionExceptions | Boolean | true | Whether connector/plugin failure is fatal to the entire attribute resolution process. |

The following table contains advanced settings rarely used in common practice.

These are all DEPRECATED in 4.3

| Name | Type | Description |
| --- | --- | --- |
| springResources | String | DEPRECATED in 4.3. A series of ';' separated resource names which contain Spring definitions for this connector. Not valid for ComputedId and Stored DataConnector. |
| springResourcesRef | Bean ID | DEPRECATED in 4.3. Bean ID of a List<Resource> which contain Spring definitions for this connector. See below. Not valid for Computed and Stored DataConnector. |
| factoryPostProcessorsRef | Bean ID | DEPRECATED in 4.3. Bean ID of a List<BeanFactoryPostProcessor> for use when parsing the resources specified by springResources or springResourcesRef. |
| postProcessorsRef | Bean ID | DEPRECATED in 4.3. Bean ID of a List<BeanPostProcessor> for use when parsing the resources specified by springResources or springResourcesRef. |
| profileContextStrategyRef | Bean ID | DEPRECATED in 4.3. Bean ID of a function injected to override the normal lookup process for the request's ProfileRequestContext. |

Common XML Elements

None of the common elements typical of DataConnectorConfiguration are supported, as this connector has neither dependencies nor failover (since it cannot fail).

Example

Example of a Static DataConnector
<DataConnector id="staticAttributes" xsi:type="Static">
	<Attribute id="eduPersonAffiliation">
		<Value>member</Value>
	</Attribute>
	<Attribute id="eduPersonEntitlement">
		<Value>https://example.org/entitlement/entitlement1</Value>
		<Value>urn:mace:dir:entitlement:common-lib-terms</Value>
	</Attribute>
</DataConnector>
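
A pre-deployment check for the rules stated in the reference above, as an added example that is not part of the Shibboleth documentation or code base. The function name `lint_static_connectors` and the sample resolver document are constructed for illustration; the check covers the `<Attribute>` requirements, the `activationConditionRef` exclusivity rule, and `exportAttributes` clashes with an AttributeDefinition.

```python
import xml.etree.ElementTree as ET

NS = "urn:mace:shibboleth:2.0:resolver"  # resolver namespace given on this page
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
EXCLUSIVE = ("relyingParties", "excludeRelyingParties",
             "resolutionPhases", "excludeResolutionPhases")

# Constructed sample input: one valid connector, one that breaks several rules.
SAMPLE = """<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeDefinition id="eduPersonAffiliation" xsi:type="Simple"/>
  <DataConnector id="good" xsi:type="Static" exportAttributes="eduPersonEntitlement">
    <Attribute id="eduPersonEntitlement"><Value>urn:mace:dir:entitlement:common-lib-terms</Value></Attribute>
  </DataConnector>
  <DataConnector id="bad" xsi:type="Static" activationConditionRef="cond"
      relyingParties="https://sp.example.org/shibboleth" exportAttributes="eduPersonAffiliation">
    <Attribute id="eduPersonAffiliation"/>
    <Attribute><Value>member</Value></Attribute>
  </DataConnector>
</AttributeResolver>"""


def lint_static_connectors(xml_text):
    """Return (connector id, problem) tuples for every Static DataConnector."""
    root = ET.fromstring(xml_text)
    definitions = {d.get("id") for d in root.iter(f"{{{NS}}}AttributeDefinition")}
    problems = []
    for dc in root.iter(f"{{{NS}}}DataConnector"):
        if dc.get(XSI_TYPE, "").split(":")[-1] != "Static":
            continue  # only the Static connector is checked here
        cid = dc.get("id", "<no id>")
        attrs = dc.findall(f"{{{NS}}}Attribute")
        if not attrs:
            problems.append((cid, "no <Attribute> element"))
        for a in attrs:
            name = a.get("id")
            if not name:
                problems.append((cid, "<Attribute> without id"))
            if not a.findall(f"{{{NS}}}Value"):
                problems.append((cid, f"{name or '?'}: no <Value>"))
        clash = [k for k in EXCLUSIVE if dc.get(k) is not None]
        if dc.get("activationConditionRef") and clash:
            problems.append((cid, "activationConditionRef with " + ", ".join(clash)))
        for exported in dc.get("exportAttributes", "").split():
            if exported in definitions:  # the IdP would drop it with a warning
                problems.append((cid, f"export {exported} clashes with AttributeDefinition"))
    return problems
```

Running it over `conf/attribute-resolver.xml` before a reload catches statically released values that would otherwise be silently dropped or scoped to the wrong relying parties.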

Spring Configuration

The Static Data Connector can be configured in native Spring XML via the springResources or springResourcesRef attributes (both DEPRECATED in 4.3, per the table above).

Example Spring configuration: conf/attribute-resolver.xml
<DataConnector id="staticAttributesSpring" xsi:type="Static"
	springResources="${idp.home}/conf/staticAttributesSpring.xml"/>

The Spring Resource must provide a bean of type Collection<IdPAttribute> populated via Collection<IdPAttributeValue>.

Example Spring configuration: conf/staticAttributesSpring.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:util="http://www.springframework.org/schema/util"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:c="http://www.springframework.org/schema/c"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
    default-init-method="initialize" default-destroy-method="destroy">

    <util:list>
        <bean class="net.shibboleth.idp.attribute.IdPAttribute" c:_0="exampleAttributeId1">
            <property name="values">
                <list>
                    <bean class="net.shibboleth.idp.attribute.StringAttributeValue" c:_0="exampleAttributeValue1" />
                    <bean class="net.shibboleth.idp.attribute.StringAttributeValue" c:_0="exampleAttributeValue2" />
                </list>
            </property>
        </bean>
        <bean class="net.shibboleth.idp.attribute.IdPAttribute" c:_0="exampleAttributeId2">
            <property name="values">
                <list>
                    <bean class="net.shibboleth.idp.attribute.StringAttributeValue" c:_0="exampleAttributeValue3" />
                </list>
            </property>
        </bean>
    </util:list>
 
</beans>
