ResponseMapping

Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Overview

The <ResponseMapping> element provides an instance of the HTTPResponseMappingStrategy interface that produces result attributes from a web service response, in real time, using a script. The supplied script is expected to consume the HttpResponse instance and produce any desired results. It may raise exceptions if necessary.

For simple use cases, the HttpClientSupport class includes a number of toString methods that can translate the entire response into a string using appropriate character set handling and while enforcing size limits. This supports chunked responses for which the server doesn't know the actual size ahead of time, which is common with web services.

In addition, note that Javascript interpreters include a JSON object that automates the parsing of JSON data.

Reference

The <ResponseMapping> element is a configuration element of type ScriptType and shares its general syntax.

Name	Type	Default	Description

Name	Type	Default	Description
language	String	javascript	Defines the JSR-223 language to use
customObjectRef	Bean ID		Any bean defined elsewhere in the configuration

If the customObjectRef attribute is present, the result of the referenced Spring bean is made available to the script in a variable named custom. This is in addition to the normal script context discussed below.

Name	Cardinality	Description

Name	Cardinality	Description
<Script>	Exactly One	An inline script
<ScriptFile>	Exactly One	Path to a local file or classpath resource containing the script

The script may be stored in a local file (with <ScriptFile>) or written inline (with <Script>). An inline script should be wrapped with a CDATA section to prevent interpretation of any special XML characters that may be included in the script.

As enumerated below, several variables are available in the template context.

Name	Description

Name	Description
response	Instance of HttpResponse to process
log	A class logger for debugging
custom	Custom object supplied via `customObjectRef` configuration attribute, if any
connectorResults	Pre-defined Set<IdPAttribute> variable to populate with output results

Unlike a lot of the scripted versions of objects across the system, there is no direct access to the ProfileRequestContext tree that exposes the state of the request. However, it's easy to get access to it by using a servlet request attribute named "opensamlProfileRequestContext". You can inject the servlet request object through the customObjectRef hook; Set it to "shibboleth.HttpServletRequest" (or "shibboleth.HttpServletRequestSupplier" in V4.3 and later as per this link)

Example

The example illustrates a JSON-based web service. Some of the error handling in the JSON structure is elided, but it illustrates that the response data can be trivially turned into native Javascript objects with a couple of lines of code, and the rest is mechanical.

Example processing a JSON response

<ResponseMapping>
	<Script>
	<![CDATA[
	var HashSet = Java.type("java.util.HashSet");
	var HttpClientSupport = Java.type("net.shibboleth.utilities.java.support.httpclient.HttpClientSupport");
	var IdPAttribute = Java.type("net.shibboleth.idp.attribute.IdPAttribute");
	var StringAttributeValue = Java.type("net.shibboleth.idp.attribute.StringAttributeValue");
 
	// Limits length to 64k
	var body = HttpClientSupport.toString(response.getEntity(), "UTF-8", 65536);
	var result = JSON.parse(body);

	var attr = new IdPAttribute("grouperGroup");
	var values = new HashSet();
	if (result.wsGroups != null) {
		for (var i=0; i<result.wsGroups.length; i++) {
			values.add(new StringAttributeValue(result.wsGroups[i].name));
		}
	}
	attr.setValues(values);
	]]>
	</Script>
</ResponseMapping>