The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.
SimpleAttributeDefinition
Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
Overview
The Simple
attribute definition copies input attributes to an output attribute.
Historically this was used to 'expose' attributes sourced from a DataConnector, turning them from internal data into "real" attribute objects. This is no longer required as a DataConnector can "export" its results to produce first-order attribute objects if they require no post-processing.
Remaining use cases for this definition include (not exhaustively):
Attaching <AttributeEncoder> plugins (or
<Display>
and<Description>
elements) in the event that you prefer that to relying on the AttributeRegistryConfigurationCombining multiple source attributes into a new attribute containing a union of values
Duplicating an existing attribute under a separate ID
Conditionally producing an attribute object using an activation condition
Pre-resolving an attribute so it can be used within another connector or definition's activation condition. See PreRequestedAttributes.
Configuring this definition typically requires adding at least one <InputAttributeDefinition> or <InputDataConnector> element.
Reference
Example
In this example, the eduPersonEntitlement attribute is produced by merging two sources of entitlements to get the final set of values. If there were only a single source of values, the definiton would likely be unneeded.
<AttributeDefinition xsi:type="ad:Simple" id="eduPersonEntitlement">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonEntitlement" />
<InputDataConnector ref="groupDatabase" attributeNames="groupURLs" />
</AttributeDefinition>