The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.

Developing Attribute Resolver Extensions

Owned by Rod Widdowson
Last updated: Aug 31, 2016
3 min read

Overview

bla bla bla

Implement the function

Data Connectors

Extend AbstractDataConnector and implement:

MethodRequiredPurpose
doDataConnectorResolveYesReturn a newly created and fully populated Map<String, IdPAttribute>
doInitializeNo

To check any preconditions before the resolver is first used

Ensure that there is a call to super.doInitialize() 

doDestroyNo

To tear down any structures when the Data Connector is finished with (due to shutdown or reload)

Ensure that there is a call to super.doDestroy()   

The above are the methods you are most likely to implement.  There are others, consult the javadoc for the Abstract Class and its parent classes for more details.

Attribute Definitions

Extend AbstractAttributeDefinition and implement:

MethodRequiredPurpose
doAttributeDefinitionResolveYesReturn a newly created and fully populated IdPAttribute
doInitializeNo

To check any preconditions before the resolver is first used.

Ensure that there is a call to super.doInitialize() 

doDestroyNo

To tear down any structures when the resolver is finished with (due to shutdown or reload)

Ensure that there is a call to super.doDestroy()  

The above are the methods you are most likely to implement.  There are others, consult the Javadoc for the abstract Class and its parent classes for more details.

Principal Connectors

Do not implement Principal Connectors.  Principal Connectors are deprecated in V3 and are replaced by Subject Canonicalization Flows.

Parsers

In order to write a parser you must first devise the schema to describe the plugin.  This schema should

  1. Be made available to the IdP in the src\main\resources\schema directory of your project
  2. Be available at an http: location
  3. But also have a mapping available in the src\main\resources\META-INF\spring.schemas directory of your project.
  4. (optionally) be overridden in eclipse.

After which bla bla bla

Do I need a Factory Bean?

See this discussion

Data Connector Parsers

Extend AbstractDataConnectorParser and implement:

MethodRequiredPurpose
getNativeBeanClassYesReturn the class that your Data Connector Implements (or an appropriate Factory Bean)
doV2ParseYesTo parse your native Schema and populate the Data Connector or its Factory Bean

 The above are the methods you have to implement.  There are others, consult the Javadoc for the abstract class and its parent classes for more details.

Attribute Definition Parsers

Extend BaseAttributeDefinitionParser and implement:

MethodRequiredPurpose
getBeanClassYesReturn the class that your Attribute Resolver Implements (or an appropriate Factory Bean)
doParseYes

To parse your native Schema and populate the Data Connector or its Factory Bean

Ensure that this methods starts with a call to super.doParse() 

 The above are the methods you have to implement.  There are others, consult the Javadoc for the abstract class and its parent classes for more details.

Native Spring Configuration

It is possible to configure a data connector in "native" Spring and refer to it (as a dependency) in the proprietary syntax attribute-resolver.xml file.

 

Native Spring Configuration of the Static Data Connector"
<bean class="net.shibboleth.idp.attribute.resolver.dc.impl.StaticDataConnector" id="staticAttributes">
    <property name="values">
        <list>
            <bean class="net.shibboleth.idp.attribute.IdPAttribute" c:attributeId="staticEpA">
                <property name="values">
                    <bean class="net.shibboleth.idp.attribute.StringAttributeValue" c:attributeValue="member" />
                </property>
            </bean>
            <bean class="net.shibboleth.idp.attribute.IdPAttribute" c:attributeId="eduPersonEntitlement">
                <property name="values">
                    <list>
                        <bean class="net.shibboleth.idp.attribute.StringAttributeValue" c:attributeValue="urn:example.org:entitlement:entitlement1" />
                        <bean class="net.shibboleth.idp.attribute.StringAttributeValue" c:attributeValue="urn:mace:dir:entitlement:common-lib-terms" />
                    </list>
                </property>
            </bean>
        </list>
    </property>
</bean>
Using a Natively define Connector
<resolver:AttributeDefinition xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="eduPersonAffiliation" sourceAttributeID="staticEpA">
    <resolver:Dependency ref="staticAttributes" />
</resolver:AttributeDefinition>

 

The native Spring configuration must not go onto the global.xml file.  It has to be contained in a file which is a peer of the attribute-resolver.xml file in the bean defined by idp.service.attribute.resolver.resources (see services.properties).

In a standard distribution this bean is defined in services.xml.

 

Native Spring Configuration of the Static Data Connector"
<util:list id ="shibboleth.AttributeResolverResources">
    <value>%{idp.home}/conf/attribute-resolver.xml</value>
    <value>%{idp.home}/conf/your-native-spring-dataconnector.xml</value>
</util:list>

Dependencies

Injecting dependencies into a Attribute Resolver Plugin using native spring is possible, but requires understanding how the Attribute Resolver handles Dependencies.

TBD