ResponseMapping

Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Overview

The <ResponseMapping> element provides an instance of the HTTPResponseMappingStrategy interface that produces result attributes from a web service response, in real time, using a script. The supplied script is expected to consume the HttpResponse instance and produce any desired results. It may raise exceptions if necessary.

For simple use cases, the HttpClientSupport class includes a number of toString methods that can translate the entire response into a string using appropriate character set handling and while enforcing size limits. This supports chunked responses for which the server doesn't know the actual size ahead of time, which is common with web services.

In addition, note that Javascript interpreters include a JSON object that automates the parsing of JSON data.

Reference

The <ResponseMapping> element is a configuration element of type ScriptType and shares its general syntax.

Name

Type

Default

Description

Name

Type

Default

Description

language

String

javascript

Defines the JSR-223 language to use

customObjectRef

Bean ID

 

Any bean defined elsewhere in the configuration

If the customObjectRef attribute is present, the result of the referenced Spring bean is made available to the script in a variable named custom. This is in addition to the normal script context discussed below.

Name

Cardinality

Description

Name

Cardinality

Description

<Script>


Exactly One

An inline script

<ScriptFile>

Path to a local file or classpath resource containing the script

The script may be stored in a local file (with <ScriptFile>) or written inline (with <Script>). An inline script should be wrapped with a CDATA section to prevent interpretation of any special XML characters that may be included in the script.

As enumerated below, several variables are available in the template context.

Name

Description

Name

Description

response

Instance of HttpResponse to process

log

A class logger for debugging

custom

Custom object supplied via customObjectRef configuration attribute, if any

connectorResults

Pre-defined Set<IdPAttribute> variable to populate with output results

Unlike a lot of the scripted versions of objects across the system, there is no direct access to the ProfileRequestContext tree that exposes the state of the request. However, it's easy to get access to it by using a servlet request attribute named "opensamlProfileRequestContext". You can inject the servlet request object through the customObjectRef hook (set it to "shibboleth.HttpServletRequest").

Example

The example illustrates a JSON-based web service. Some of the error handling in the JSON structure is elided, but it illustrates that the response data can be trivially turned into native Javascript objects with a couple of lines of code, and the rest is mechanical.

Example processing a JSON response
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 <ResponseMapping> <Script> <![CDATA[ var HashSet = Java.type("java.util.HashSet"); var HttpClientSupport = Java.type("net.shibboleth.utilities.java.support.httpclient.HttpClientSupport"); var IdPAttribute = Java.type("net.shibboleth.idp.attribute.IdPAttribute"); var StringAttributeValue = Java.type("net.shibboleth.idp.attribute.StringAttributeValue");   // Limits length to 64k var body = HttpClientSupport.toString(response.getEntity(), "UTF-8", 65536); var result = JSON.parse(body); var attr = new IdPAttribute("grouperGroup"); var values = new HashSet(); if (result.wsGroups != null) { for (var i=0; i<result.wsGroups.length; i++) { values.add(new StringAttributeValue(result.wsGroups[i].name)); } } attr.setValues(values); ]]> </Script> </ResponseMapping>