SimpleAttributeDefinition

Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Overview

The Simple attribute definition copies input attributes to an output attribute.

Historically this was used to 'expose' attributes sourced from a DataConnector, turning them from internal data into "real" attribute objects. This is no longer required as a DataConnector can "export" its results to produce first-order attribute objects if they require no post-processing.

Remaining use cases for this definition include (not exhaustively):

  • Attaching <AttributeEncoder> plugins (or <Display> and <Description> elements) in the event that you prefer that to relying on the AttributeRegistryConfiguration

  • Combining multiple source attributes into a new attribute containing a union of values

  • Duplicating an existing attribute under a separate ID

  • Conditionally producing an attribute object using an activation condition

  • Pre-resolving an attribute so it can be used within another connector or definition's activation condition. See PreRequestedAttributes.

Configuring this definition typically requires adding at least one <InputAttributeDefinition> or <InputDataConnector> element.

Reference

Example

In this example, the eduPersonEntitlement attribute is produced by merging two sources of entitlements to get the final set of values. If there were only a single source of values, the definiton would likely be unneeded.

1 2 3 4 <AttributeDefinition xsi:type="ad:Simple" id="eduPersonEntitlement"> <InputDataConnector ref="myLDAP" attributeNames="eduPersonEntitlement" /> <InputDataConnector ref="groupDatabase" attributeNames="groupURLs" /> </AttributeDefinition>