The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.


The <QueryTemplate> element provides the template from which the LDAP search filter will be built.

Schema Name and Location

This element is defined by the urn:mace:shibboleth:2.0:resolver schema, which is located at

Typically the XML "CDATA" construct is used to wrap the text because it avoids the need for special escaping of most characters.


Using Principal Name
Using a Dependent Attribute


No attributes are defined.

Child Elements

No child elements are defined.

Template Context

As described below, several variables are available to the template context. In practice $resolutionContext.Principal and $attributeName will be useful.

NameWhen ValidDescription


alwaysThe AttributeResolutionContext. Useful members include $resolutionContext.principal, $resolutionContext.attributeRecipientID and $resolutionContext.principalAuthenticationMethod


The springResource attribute is not defined on the containing LDAPConnectorThe legacy V2SAMLProfileRequestContext, provided for compatibility with most legacy query templates

foo, bar, etc.

Whenever the enclosing element has a dependency (attribute or data connector)For each IdPAttribute available from all the provided dependencies, the attributes' values are available via the attribute's name. If the attribute only has a single value and you do not want the array characters '[' and ']' as part of your filter you can use AttributeName.get(0) to get that value.