SimpleAttributeDefinition

Created by Scott Cantor
Last updated: Nov 10, 2021

Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Overview

The Simple attribute definition copies input attributes to an output attribute.

Historically this was used to 'expose' attributes sourced from a DataConnector, turning them from internal data into "real" attribute objects. This is no longer required as a DataConnector can "export" its results to produce first-order attribute objects if they require no post-processing.

Remaining use cases for this definition include (not exhaustively):

  • Attaching <AttributeEncoder> plugins (or <Display> and <Description> elements) in the event that you prefer that to relying on the AttributeRegistryConfiguration

  • Combining multiple source attributes into a new attribute containing a union of values

  • Duplicating an existing attribute under a separate ID

  • Conditionally producing an attribute object using an activation condition

  • Pre-resolving an attribute so it can be used within another connector or definition's activation condition. See PreRequestedAttributes.

Configuring this definition typically requires adding at least one <InputAttributeDefinition> or <InputDataConnector> element.

Reference

Name

Type

Default

Description

Name

Type

Default

Description

ignoreNullValues 4.2

boolean

false

If set to true then nulls values are removed during attribute resolution.

Example

In this example, the eduPersonEntitlement attribute is produced by merging two sources of entitlements to get the final set of values. If there were only a single source of values, the definiton would likely be unneeded.

1 2 3 4 <AttributeDefinition xsi:type="ad:Simple" id="eduPersonEntitlement"> <InputDataConnector ref="myLDAP" attributeNames="eduPersonEntitlement" /> <InputDataConnector ref="groupDatabase" attributeNames="groupURLs" /> </AttributeDefinition>