The Shibboleth IdP V4 software will leave support on September 1, 2024.
SimpleAttributeDefinition
Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
Overview
The Simple attribute definition copies input attributes to an output attribute.
Historically this was used to 'expose' attributes sourced from a DataConnector, turning them from internal data into "real" attribute objects. This is no longer required as a DataConnector can "export" its results to produce first-order attribute objects if they require no post-processing.
Remaining use cases for this definition include (not exhaustively):
Attaching <AttributeEncoder> plugins (or
<Display>and<Description>elements) in the event that you prefer that to relying on the AttributeRegistryConfigurationCombining multiple source attributes into a new attribute containing a union of values
Duplicating an existing attribute under a separate ID
Conditionally producing an attribute object using an activation condition
Pre-resolving an attribute so it can be used within another connector or definition's activation condition. See PreRequestedAttributes.
Configuring this definition typically requires adding at least one <InputAttributeDefinition> or <InputDataConnector> element.
Reference
Example
In this example, the eduPersonEntitlement attribute is produced by merging two sources of entitlements to get the final set of values. If there were only a single source of values, the definiton would likely be unneeded.
<AttributeDefinition xsi:type="ad:Simple" id="eduPersonEntitlement">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonEntitlement" />
<InputDataConnector ref="groupDatabase" attributeNames="groupURLs" />
</AttributeDefinition>