The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.
FilterTemplate
- Rod Widdowson
- Scott Cantor
- Former user (Deleted)
The <QueryTemplate> element provides the template from which the LDAP search filter will be built.
Schema Name and Location
This element is defined by the urn:mace:shibboleth:2.0:resolver schema, which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd.
Typically the XML "CDATA" construct is used to wrap the text because it avoids the need for special escaping of most characters.
Examples
<FilterTemplate>
<![CDATA[
(uid=$resolutionContext.principal)
]]>
</FilterTemplate>
<FilterTemplate>
<![CDATA[
(uid=$employeeNumber.get(0))
]]>
</FilterTemplate>
Attributes
No attributes are defined.
Child Elements
No child elements are defined.
Template Context
As described below, several variables are available to the template context. In practice $resolutionContext.Principal and $attributeName will be useful.
| Name | When Valid | Description |
|---|---|---|
| always | The AttributeResolutionContext. Useful members include $resolutionContext., $resolutionContext. and $resolutionContext.principalAuthenticationMethod |
| The springResource attribute is not defined on the containing LDAPConnector | The legacy V2SAMLProfileRequestContext, provided for compatibility with most legacy query templates |
| Whenever the enclosing element has a dependency (attribute or data connector) | For each IdPAttribute available from all the provided dependencies, the attributes' values are available via the attribute's name. If the attribute only has a single value and you do not want the array characters '[' and ']' as part of your filter you can use AttributeName.get(0) to get that value. |