The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.
Developing Attribute Resolver Extensions
Overview
bla bla bla
Implement the function
Data Connectors
Extend AbstractDataConnector and implement:
| Method | Required | Purpose |
|---|---|---|
doDataConnectorResolve | Yes | Return a newly created and fully populated Map<String, IdPAttribute> |
doInitialize | No | To check any preconditions before the resolver is first used Ensure that there is a call to |
doDestroy | No | To tear down any structures when the Data Connector is finished with (due to shutdown or reload) Ensure that there is a call to |
The above are the methods you are most likely to implement. There are others, consult the javadoc for the Abstract Class and its parent classes for more details.
Attribute Definitions
Extend AbstractAttributeDefinition and implement:
| Method | Required | Purpose |
|---|---|---|
doAttributeDefinitionResolve | Yes | Return a newly created and fully populated IdPAttribute |
doInitialize | No | To check any preconditions before the resolver is first used. Ensure that there is a call to |
doDestroy | No | To tear down any structures when the resolver is finished with (due to shutdown or reload) Ensure that there is a call to |
The above are the methods you are most likely to implement. There are others, consult the Javadoc for the abstract Class and its parent classes for more details.
Principal Connectors
Do not implement Principal Connectors. Principal Connectors are deprecated in V3 and are replaced by Subject Canonicalization Flows.
Parsers
In order to write a parser you must first devise the schema to describe the plugin. This schema should
- Be made available to the IdP in the src\main\resources\schema directory of your project
- Be available at an http: location
- But also have a mapping available in the src\main\resources\META-INF\spring.schemas directory of your project.
- (optionally) be overridden in eclipse.
After which bla bla bla
Do I need a Factory Bean?
See this discussion
Data Connector Parsers
Extend AbstractDataConnectorParser and implement:
| Method | Required | Purpose |
|---|---|---|
getNativeBeanClass | Yes | Return the class that your Data Connector Implements (or an appropriate Factory Bean) |
doV2Parse | Yes | To parse your native Schema and populate the Data Connector or its Factory Bean |
The above are the methods you have to implement. There are others, consult the Javadoc for the abstract class and its parent classes for more details.
Attribute Definition Parsers
Extend BaseAttributeDefinitionParser and implement:
| Method | Required | Purpose |
|---|---|---|
getBeanClass | Yes | Return the class that your Attribute Resolver Implements (or an appropriate Factory Bean) |
doParse | Yes | To parse your native Schema and populate the Data Connector or its Factory Bean Ensure that this methods starts with a call to |
The above are the methods you have to implement. There are others, consult the Javadoc for the abstract class and its parent classes for more details.
Native Spring Configuration
It is possible to configure a data connector in "native" Spring and refer to it (as a dependency) in the proprietary syntax attribute-resolver.xml file.
<bean class="net.shibboleth.idp.attribute.resolver.dc.impl.StaticDataConnector" id="staticAttributes">
<property name="values">
<list>
<bean class="net.shibboleth.idp.attribute.IdPAttribute" c:attributeId="staticEpA">
<property name="values">
<bean class="net.shibboleth.idp.attribute.StringAttributeValue" c:attributeValue="member" />
</property>
</bean>
<bean class="net.shibboleth.idp.attribute.IdPAttribute" c:attributeId="eduPersonEntitlement">
<property name="values">
<list>
<bean class="net.shibboleth.idp.attribute.StringAttributeValue" c:attributeValue="urn:example.org:entitlement:entitlement1" />
<bean class="net.shibboleth.idp.attribute.StringAttributeValue" c:attributeValue="urn:mace:dir:entitlement:common-lib-terms" />
</list>
</property>
</bean>
</list>
</property>
</bean>
<resolver:AttributeDefinition xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="eduPersonAffiliation" sourceAttributeID="staticEpA">
<resolver:Dependency ref="staticAttributes" />
</resolver:AttributeDefinition>
The native Spring configuration must not go onto the global.xml file. It has to be contained in a file which is a peer of the attribute-resolver.xml file in the bean defined by idp.service.attribute.resolver.resources (see services.properties).
In a standard distribution this bean is defined in services.xml.
<util:list id ="shibboleth.AttributeResolverResources">
<value>%{idp.home}/conf/attribute-resolver.xml</value>
<value>%{idp.home}/conf/your-native-spring-dataconnector.xml</value>
</util:list>
Dependencies
Injecting dependencies into a Attribute Resolver Plugin using native spring is possible, but requires understanding how the Attribute Resolver handles Dependencies.
TBD