/
DateTimeAttributeDefinition

The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.

DateTimeAttributeDefinition

This feature requires V4.3 of the IdP software.

Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Overview

The DateTime AttributeDefinition converts one or more input values into a Java Instant (an unambiguous timestamp based on the Unix epoch) . The resulting attribute's values are of type DateTimeAttributeValue. This definition type can convert string values that are either numeric, or that match a supplied DateTimeFormatter formatting string. Numeric values may be processed in seconds or in milliseconds since the Unix epoch. It is allowed to mix numeric and formatted string inputs.

Errors in converting data may be fatal or ignored.

Reference

The following are supported:

Name

Type

Default

Description

Name

Type

Default

Description

ignoreConversionErrors

Boolean

false

If the resulting IdPAttribute has fewer values than the number of input values, then the definition will raise a fatal error by default unless this setting is changed

epochInSeconds

Boolean

true

The default is to process numeric data as seconds since the epoch, in keeping with common usage on many platforms, but if false, milliseconds are used instead, as is typical in Java

formattingString

String

 

A pattern used to create a DateTimeFormatter object to apply to non-numeric String data input to the definition

Name

Type

Default

Description

Name

Type

Default

Description

id

String



Identifier for the IdPAttribute as well as its definition. This is used for logging and to establish dependencies and relationships between connectors and definitions, and to reference the data item in filter rules and many other configuration features.

Note that the value MUST NOT contain whitespace, and use of certain other special characters will result in warnings that should be addressed in case the rules are made more strict in future versions.

activationConditionRef

Bean Reference



Bean ID of a condition to decide whether to resolve this definition, see here.
Mutually exclusive with relyingParties and resolutionPhases and variants

relyingParties

Space-delimited list



List of entity IDs for which this Attribute Definition should be resolved.
Mutually exclusive with activationConditionRef

excludeRelyingParties 4.1

Space-delimited list



List of entity IDs for which this Attribute Definition should not be resolved.
Mutually exclusive with activationConditionRef

resolutionPhases 4.1

space-delimited list



List of resolution phases (i.e. flows) during which this Attribute Definition should be resolved.
Mutually exclusive with activationConditionRef

excludeResolutionPhases 4.1

space-delimited list



List of resolution phases (i.e. flows) during which this Attribute Definition should not be resolved.
Mutually exclusive with activationConditionRef

dependencyOnly

Boolean

false

If set to true, the attribute is not exposed outside the resolution process and is available solely within the resolution process

preRequested

Boolean

false

If set to true, the attribute (and its dependencies) will be resolved in pre-pass and its value made available to other definitions' ActivationConditions.

See PreRequestedAttributes for details.

profileContextStrategyRef

Bean Reference



DEPRECATED  in 4.3

Bean ID of a function injected to override the normal lookup process for the request's ProfileRequestContext

Name

Cardinality

Description

Name

Cardinality

Description

<InputAttributeDefinition>

0 or more

This element identifies an attribute definition which is an input to this attribute definition.

<InputDataConnector>

0 or more

This element identifies a data connector whose attributes are to be input to this attribute definition.

<AttributeEncoder>

0 or more

An inline definition of how an attribute will be encoded for inclusion in a message to a relying party. These are distinguished by an xsi:type attribute, and the different types are documented here.

Replaceable via the more generic AttributeRegistryConfiguration.

<DisplayName>

0 or more

A human readable name for this attribute. This name may, for example, be displayed to the user to consent to the attribute's release.

If multiple display names are used, then they should bear an xml:lang attribute to distinguish them.

Replaceable via the more generic AttributeRegistryConfiguration.

<DisplayDescription>

0 or more

A human readable description of for this attribute. This name may, for example, be displayed to the user to consent to the attribute's release.

If multiple display descriptions are used, then they should bear an xml:lang attribute to distinguish them.

Replaceable via the more generic AttributeRegistryConfiguration.

Examples

<AttributeDefinition id="expirationOfSomething" xsi:type="DateTime" epochInSeconds="false"> <InputAttributeDefinition ref="expTimeFromDirectory" /> </AttributeDefinition>