The <QueryTemplate> element provides the template from which the LDAP search filter will be built.

Schema Name and Location

This element is defined by the urn:mace:shibboleth:2.0:resolver schema, which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd .

Typically the XML "CDATA" construct is used to wrap the text because it avoids the need for special escaping of most characters.

Examples

Using Principal Name

<FilterTemplate>
  <![CDATA[
          (uid=$resolutionContext.principal)
  ]]>
</FilterTemplate>

Using a Dependent Attribute

<FilterTemplate>
  <![CDATA[
          (uid=$employeeNumber.get(0))
  ]]>
</FilterTemplate>

Attributes

No attributes are defined.

Child Elements

No child elements are defined.

Template Context

As described below, several variables are available to the template context. In practice $resolutionContext.Principal and $attributeName will be useful.

Name	When Valid	Description
`resolutionContext`	always	The AttributeResolutionContext. Useful members include `$resolutionContext.principal`, `$resolutionContext.attributeRecipientID` and `$resolutionContext.principalAuthenticationMethod`
`requestContext`	The `springResource` attribute is not defined on the containing LDAPConnector	The legacy V2SAMLProfileRequestContext, provided for compatibility with most legacy query templates
`foo, bar, etc.`	Whenever the enclosing element has a dependency (attribute or data connector)	For each IdPAttribute available from all the provided dependencies, the attributes' values are available via the attribute's name. If the attribute only has a single value and you do not want the array characters '[' and ']' as part of your filter you can use AttributeName.get(0) to get that value.