The Shibboleth IdP V4 software will leave support on September 1, 2024.

CacheKeyTemplate

Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Overview

The <CacheKeyTemplate> element provides the template from which a cache key associated with the result of the connector can be built. This element may be used when the <BodyTemplate> is used to trigger use of POST. Normally caching can be keyed off of the URL of a GET request since it will contain all of the request's variable state, but with POST this isn't possible. This allows the caching to be customized to the specific nature of a request, or disabled dynamically if an empty string is produced.

It carries no attributes or child elements.

Reference

As enumerated below, several variables are available in the template context. In practice, $resolutionContext.principal and various named dependent attributes (if any) tend to be most useful.

Name

Type

Description

Name

Type

Description

resolutionContext

AttributeResolutionContext

Commonly useful members include $resolutionContext.principal and $resolutionContext.attributeRecipientID

foo, bar, etc.

List<IdPAttributeValue>

For each IdPAttribute available from all the provided dependencies, the attributes' values are available as a collection under the attribute's name.

paramEscaper

com.google.common.escape.Escaper

For safe embedding of input data into a query parameter

fragmentEscaper

com.google.common.escape.Escaper

For safe embedding of input data into a URL fragment

pathEscaper

com.google.common.escape.Escaper

For safe embedding of input data into a URL path

xmlAttributeEscaper

com.google.common.escape.Escaper

For safe embedding of input data into an XML attribute

xmlContentEscaper

com.google.common.escape.Escaper

For safe embedding of input data in XML element content

httpClientSecurityParameters

HttpClientSecurityParameters

Rarely of interest but provides access to security parameters to be used during call

Example

The example demonstrates construction of a cache key based solely on an attribute unique to the identity of the subject.

<CacheKeyTemplate> <![CDATA[ $employeeNumber.get(0) ]]> </CacheKeyTemplate>