The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.

ScriptedDataConnector

Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Overview

The ScriptedDataConnector data connector allows the creation of multiple IdPAttribute objects via a JSR-223 script. Scripts are somewhat easier to write and maintain than native Java code, though they are slower. They can also be changed dynamically since the resolver is a ReloadableService.

Script Context

The script "context" defines the execution environment for the script and provides the following variables:

  • resolutionContext

    • AttributeResolutionContext for the current resolution step, which exists within the tree of state information that tracks the current request

  • connectorResults

    • List which the connector populates with IdPAttribute objects and which form the output of the connector

  • profileContext

  • custom

    • Contains whatever bean was referenced by the customObjectRef XML Attribute

  • subjects

    • Array of Subject objects associated with this request. Note that these will only be present if the attribute resolution is associated with a completed authentication step (so they are not present for back channel requests or certain other cases).

In addition, each defined dependency of the connector, if it exists, will be present via an object which implements ScriptedIdPAttribute.

For an AttributeDefinition dependency, that IdPAttribute is supplied. For a DataConnector dependency, each IdPAttribute produced by that connector is supplied.

The variable's name will be the attribute ID of the attribute from the dependency. In the event that more than one dependency produces attributes with the same ID, the values of all of those attributes are merged and made available to the script.

Note that any changes made to these dependency objects within the script will not be reflected in the result of the resolution process. In contrast, changes made to other objects accessed by means of the other variables in most cases will cause side effects, and should usually be avoided.

Reference

| Name | Type | Default | Description |
|---|---|---|---|
| language | string | JavaScript | Defines the JSR-223 language to use. The default is ECMA script using either the Rhino (Java 7) or Nashorn (Java 8+) engines. This situation is in flux due to the removal of Nashorn from future Java versions, and plugins are available for V4.1+ that supply one of these options at the deployer's discretion. |
| customObjectRef | string | | The name of a Spring Bean defined elsewhere. This bean will be made available to the script with the name "custom". |

The following XML Elements are specific to this connector, and one of them must be supplied:

| Name | Description |
|---|---|
| <Script> | The contents define the script to execute, usually wrapped in an XML CDATA block to avoid escaping |
| <ScriptFile> | The contents define a file which contains the script to execute |

Examples

Nashorn Scripted Data Connector
<DataConnector id="ScriptedAttributeConnector" xsi:type="ScriptedDataConnector">
    <Script><![CDATA[
        IdPAttribute = Java.type("net.shibboleth.idp.attribute.IdPAttribute");
        StringAttributeValue = Java.type("net.shibboleth.idp.attribute.StringAttributeValue");
        HashSet = Java.type("java.util.HashSet");
        Integer = Java.type("java.lang.Integer");

        attr = new IdPAttribute("ScriptedOne");
        set = new HashSet(2);
        set.add(new StringAttributeValue("Value 1"));
        set.add(new StringAttributeValue("Value 2"));
        attr.setValues(set);
        connectorResults.add(attr);

        attr = new IdPAttribute("TwoScripted");
        set = new HashSet(3);
        set.add(new StringAttributeValue("1Value"));
        set.add(new StringAttributeValue("2Value"));
        set.add(new StringAttributeValue("3Value"));
        attr.setValues(set);
        connectorResults.add(attr);
    ]]></Script>
</DataConnector>

This Rhino example is a holdover from older versions but may be useful in the future once it becomes a supported option again.

Rhino Scripted Data Connector
<DataConnector id="ScriptedAttributeConnector" xsi:type="ScriptedDataConnector">
    <Script><![CDATA[
        importPackage(Packages.net.shibboleth.idp.attribute);
        importPackage(Packages.java.util);
        importPackage(Packages.java.lang);

        attr = new IdPAttribute("ScriptedOne");
        set = new HashSet(2);
        set.add(new StringAttributeValue("Value 1"));
        set.add(new StringAttributeValue("Value 2"));
        attr.setValues(set);
        connectorResults.add(attr);

        attr = new IdPAttribute("TwoScripted");
        set = new HashSet(3);
        set.add(new StringAttributeValue("1Value"));
        set.add(new StringAttributeValue("2Value"));
        set.add(new StringAttributeValue("3Value"));
        attr.setValues(set);
        connectorResults.add(attr);
    ]]></Script>
</DataConnector>
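
An added example (not from the original page or the Shibboleth project) of a connector that consumes a dependency as described under Script Context: it checks that the dependency variable exists, reads its values without modifying it, and emits an attribute only for allow-listed values. The connector id, the eduPersonAffiliation dependency, the derivedEntitlement attribute ID and the entitlement URNs are constructed for illustration; the script uses Nashorn syntax.

```xml
<!-- Added example: ids, attribute names and entitlement URNs are constructed. -->
<DataConnector id="EntitlementConnector" xsi:type="ScriptedDataConnector">
    <!-- Assumption: an AttributeDefinition with id "eduPersonAffiliation" is defined elsewhere. -->
    <InputAttributeDefinition ref="eduPersonAffiliation" />
    <Script><![CDATA[
        var IdPAttribute = Java.type("net.shibboleth.idp.attribute.IdPAttribute");
        var StringAttributeValue = Java.type("net.shibboleth.idp.attribute.StringAttributeValue");
        var HashSet = Java.type("java.util.HashSet");

        // Fixed allow-list: affiliation value -> entitlement to release.
        var entitlementFor = {
            "staff":   "urn:example:entitlement:intranet",
            "faculty": "urn:example:entitlement:intranet",
            "student": "urn:example:entitlement:library"
        };

        // The variable is only bound if the dependency produced an attribute,
        // so test for it before use; with no input, nothing is emitted.
        if (typeof eduPersonAffiliation !== "undefined" && eduPersonAffiliation !== null) {
            // A set collapses duplicates (staff and faculty map to the same value).
            var out = new HashSet();
            // Read only: changes to the dependency object are not reflected
            // in the result of the resolution.
            var it = eduPersonAffiliation.getValues().iterator();
            while (it.hasNext()) {
                var key = String(it.next());
                // hasOwnProperty keeps inherited keys such as "constructor"
                // from matching the lookup.
                if (Object.prototype.hasOwnProperty.call(entitlementFor, key)) {
                    out.add(new StringAttributeValue(entitlementFor[key]));
                }
            }
            // Emit the attribute only when at least one value was allow-listed.
            if (!out.isEmpty()) {
                var attr = new IdPAttribute("derivedEntitlement");
                attr.setValues(out);
                connectorResults.add(attr);
            }
        }
    ]]></Script>
</DataConnector>
```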
