The ScriptedDataConnector data connector allows the creation of multiple attributes by a JSR-223 script.
This xsi:type is defined by the urn:mace:shibboleth:2.0:resolver schema 3.3, which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd.
Prior to V3.3, supplied plugins were defined by a schema type (xsi:type) in the urn:mace:shibboleth:2.0:resolver:dc schema, which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-dc.xsd. This is still supported, but every element or type in the urn:mace:shibboleth:2.0:resolver:dc schema has an equivalently named (but not necessarily identical) version in the urn:mace:shibboleth:2.0:resolver schema. The use of the urn:mace:shibboleth:2.0:resolver schema also allows a relaxation of the ordering requirements of sub elements and so a more natural order can be applied. Note that versions earlier than 3.3 are no longer supported and you should look to upgrade at the soonest opportunity.
When specified in the urn:mace:shibboleth:2.0:resolver namespace the name was dc:Script.
Any of the common attributes can be specified.
In addition, the following attributes may be provided:
Name | Type | Req? | Default | Description |
---|---|---|---|---|
language | string | N | JavaScript | Defines the JSR-223 language to use. The default is ECMAScript using either the Rhino (Java 7) or Nashorn (Java 8) engines. |
customObjectRef | string | N | | The name of a Spring Bean defined elsewhere. This bean will be made available to the script with the name "custom". See the ScriptedAttributeDefinition for more details. |
Any of the common child elements can be specified. In addition one of the following two elements must be defined:
Name | Cardinality | Description |
---|---|---|
<Script> | | The contents define the script to execute |
<ScriptFile> | | The contents define a file which contains the script to execute |
The script will have the following variables available:
customObjectRef attribute (see above)
javax.security.auth.Subject objects associated with this authorization. Note that these will only be present if the attribute resolution has been associated with an Authentication (and so this will not work for back channel requests).

```xml
<DataConnector id="ScriptedAttributeConnector" xsi:type="ScriptedDataConnector">
    <Script><![CDATA[
        // Rhino-style imports (importPackage)
        importPackage(Packages.net.shibboleth.idp.attribute);
        importPackage(Packages.java.util);
        importPackage(Packages.java.lang);

        // First attribute, with two values
        attr = new IdPAttribute("ScriptedOne");
        set = new HashSet(2);
        set.add(new StringAttributeValue("Value 1"));
        set.add(new StringAttributeValue("Value 2"));
        attr.setValues(set);
        connectorResults.add(attr);

        // Second attribute, with three values
        attr = new IdPAttribute("TwoScripted");
        set = new HashSet(3);
        set.add(new StringAttributeValue("1Value"));
        set.add(new StringAttributeValue("2Value"));
        set.add(new StringAttributeValue("3Value"));
        attr.setValues(set);
        connectorResults.add(attr);
    ]]></Script>
</DataConnector>
```

```xml
<DataConnector id="ScriptedAttributeConnector" xsi:type="ScriptedDataConnector">
    <Script><![CDATA[
        // Nashorn-style imports (Java.type)
        IdPAttribute = Java.type("net.shibboleth.idp.attribute.IdPAttribute");
        StringAttributeValue = Java.type("net.shibboleth.idp.attribute.StringAttributeValue");
        HashSet = Java.type("java.util.HashSet");
        Integer = Java.type("java.lang.Integer");

        // First attribute, with two values
        attr = new IdPAttribute("ScriptedOne");
        set = new HashSet(2);
        set.add(new StringAttributeValue("Value 1"));
        set.add(new StringAttributeValue("Value 2"));
        attr.setValues(set);
        connectorResults.add(attr);

        // Second attribute, with three values
        attr = new IdPAttribute("TwoScripted");
        set = new HashSet(3);
        set.add(new StringAttributeValue("1Value"));
        set.add(new StringAttributeValue("2Value"));
        set.add(new StringAttributeValue("3Value"));
        attr.setValues(set);
        connectorResults.add(attr);
    ]]></Script>
</DataConnector>
```

The Script Data Connector can be configured using the springResources or springResourcesRef attributes, but this is deprecated since it renders the "custom" object unusable.
A single bean can be specified, being of type EvaluableScript.
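
A configuration check for the points above, as an added example that is not part of the Shibboleth documentation or code base: it scans a resolver file for scripted data connectors and reports the legacy `dc:Script` type, a missing or duplicated `<Script>`/`<ScriptFile>` child, and the deprecated `springResources`/`springResourcesRef` attributes. The sample XML, its ids, bean names and file path are constructed, and "exactly one child" is this example's reading of the requirement.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample resolver file; ids, bean names and the path are made up.
SAMPLE = """<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
    xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <DataConnector id="ok" xsi:type="ScriptedDataConnector" customObjectRef="example.Bean">
    <ScriptFile>/opt/example/connector.js</ScriptFile>
  </DataConnector>
  <DataConnector id="legacy" xsi:type="dc:Script">
    <dc:Script><![CDATA[ connectorResults.size(); ]]></dc:Script>
  </DataConnector>
  <DataConnector id="broken" xsi:type="ScriptedDataConnector"
      springResourcesRef="example.Resources"/>
  <DataConnector id="static" xsi:type="Static"/>
</AttributeResolver>"""

def local(name):
    """Strip an XML namespace ('{ns}tag') or a QName prefix ('dc:Script')."""
    return name.rsplit("}", 1)[-1].rsplit(":", 1)[-1]

def audit(xml_text):
    """Return {connector id: [findings]} for each scripted data connector."""
    report = {}
    for el in ET.fromstring(xml_text).iter():
        kind = local(el.get(XSI_TYPE, ""))
        if local(el.tag) != "DataConnector" or kind not in ("ScriptedDataConnector", "Script"):
            continue
        findings = []
        if kind == "Script":
            findings.append("legacy dc:Script type; use ScriptedDataConnector")
        # Assumption: "one of the two must be defined" is read as exactly one.
        bodies = [c for c in el if local(c.tag) in ("Script", "ScriptFile")]
        if len(bodies) != 1:
            findings.append("needs exactly one <Script> or <ScriptFile>")
        for attr in ("springResources", "springResourcesRef"):
            if el.get(attr) is not None:
                findings.append(attr + " is deprecated and makes 'custom' unusable")
        report[el.get("id")] = findings
    return report

if __name__ == "__main__":
    for cid, findings in audit(SAMPLE).items():
        print(cid, findings or ["ok"])
```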