Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
Overview
The Mapped AttributeDefinition performs a many-to-one mapping from source attributes values to a return value according to a series of mapping statements. If an input value matches no mapping rule, then a default can be provided.
Reference
Specific XML Attributes
Name | Cardinality | Description |
|---|
<DefaultValue> | 0 or 1 | Describes the action to be taken if any input value does not match one of the <ValueMap>'s <SourceValue> elements that follow. If the passThru attribute is set to "true", then the input value is passed through untouched, otherwise the contents of the element are used as the default value. |
<ValueMap> | 1 or more | The <ValueMap> element supports two child elements: <ReturnValue> and <SourceValue>, see below |
The <ValueMap> element’s content consists of:
XML Element Name | Cardinality | Description |
|---|
<ReturnValue> | 1 | The content is used as the output value if any of the source values match. Replacement rules from Matcher.replaceAll(String) apply. |
<SourceValue> | 1 or more | The content is matched against each input value and if it matches, then the mapped <ReturnValue> is output. The mapping process depends on the value of the partialMatch attribute, which defaults to false. If partialMatch is set to true, then the source value is checked for containment within the input value, and if so, the return value replaces the original. If partialMatch is set to false, then the source value is a Java Regular Expression applied to the input value, and if a match, then the return value is applied as a replacement, with all matches replaced by the return value. Setting the caseSensitive attribute (default true) to false allows case insensitive comparisons to be made. This is only valid for regular expression matching (i.e., when partialMatch is false). |
Common XML Attributes
Name | Type | Default | Description |
|---|
id | String |
| Identifier for the IdPAttribute as well as its definition. This is used for logging and to establish dependencies and relationships between connectors and definitions, and to reference the data item in filter rules and many other configuration features. Note that the value MUST NOT contain whitespace, and use of certain other special characters will result in warnings that should be addressed in case the rules are made more strict in future versions. |
activationConditionRef | Bean Reference |
| Bean ID of a condition to decide whether to resolve this definition, see here.
Mutually exclusive with relyingParties and resolutionPhases and variants |
relyingParties | Space-delimited list |
| List of entity IDs for which this Attribute Definition should be resolved.
Mutually exclusive with activationConditionRef |
excludeRelyingParties 4.1 | Space-delimited list |
| List of entity IDs for which this Attribute Definition should not be resolved.
Mutually exclusive with activationConditionRef |
resolutionPhases 4.1 | space-delimited list |
| List of resolution phases (i.e. flows) during which this Attribute Definition should be resolved.
Mutually exclusive with activationConditionRef |
excludeResolutionPhases 4.1 | space-delimited list |
| List of resolution phases (i.e. flows) during which this Attribute Definition should not be resolved.
Mutually exclusive with activationConditionRef |
dependencyOnly | Boolean | false | If set to true, the attribute is not exposed outside the resolution process and is available solely within the resolution process |
preRequested | Boolean | false | If set to true, the attribute (and its dependencies) will be resolved in pre-pass and its value made available to other definitions' ActivationConditions. See PreRequestedAttributes for details. |
profileContextStrategyRef | Bean Reference |
| DEPRECATED in 4.3 Bean ID of a function injected to override the normal lookup process for the request's ProfileRequestContext |
Common XML Elements
At least one dependency element is required.
Name | Cardinality | Description |
|---|
<InputAttributeDefinition> | 0 or more | This element identifies an attribute definition which is an input to this attribute definition. |
<InputDataConnector> | 0 or more | This element identifies a data connector whose attributes are to be input to this attribute definition. |
<AttributeEncoder> | 0 or more | An inline definition of how an attribute will be encoded for inclusion in a message to a relying party. These are distinguished by an xsi:type attribute, and the different types are documented here. Replaceable via the more generic AttributeRegistryConfiguration. |
<DisplayName> | 0 or more | A human readable name for this attribute. This name may, for example, be displayed to the user to consent to the attribute's release. If multiple display names are used, then they should bear an xml:lang attribute to distinguish them. Replaceable via the more generic AttributeRegistryConfiguration. |
<DisplayDescription> | 0 or more | A human readable description of for this attribute. This name may, for example, be displayed to the user to consent to the attribute's release. If multiple display descriptions are used, then they should bear an xml:lang attribute to distinguish them. Replaceable via the more generic AttributeRegistryConfiguration. |
Example
<AttributeDefinition id="mapped" xsi:type="Mapped">
<InputAttributeDefinition ref="uid" />
<DefaultValue passThru="true"/>
<ValueMap>
<ReturnValue>return1</ReturnValue>
<SourceValue>sou.+rc.+e1</SourceValue>
<SourceValue partialMatch="true">fred</SourceValue>
<SourceValue caseSensitive="false">Ignore.+Case.+When.+Comparing</SourceValue>
</ValueMap>
<ValueMap>
<ReturnValue>return1</ReturnValue>
<SourceValue>source2</SourceValue>
</ValueMap>
<ValueMap>
<ReturnValue>some_string_to_add_before_value:$1</ReturnValue>
<SourceValue>(.+)</SourceValue>
</ValueMap>
<AttributeEncoder xsi:type="SAML2String" name="https://example.org/example/name" friendlyName="Mapped" encodeType="false" />
</AttributeDefinition>