Static Data Connector
The static data connector declares a fixed set of attribute names and values to be released for every user serviced by the IdP. This is useful for providing user attributes that are the result of their participation within the organization represented by the IdP. For example, all users at a university may be entitled to a particular library resource. This library resource may key off a particular value of the eduPersonEntitlement attribute. This connector could be used to assign that value for that attribute to everyone in the university instead of having to add it to every user's entry in some back-office system.
1. Define the Connector
To define a new static data connector, create a <DataConnector xsi:type="Static" xmlns="urn:mace:shibboleth:2.0:resolver:dc"> element with the following attributes:
- id - A unique ID for this data connector used within the resolver configuration
2. Define the Static Attributes
Each static data connector contains one or more <Attribute> elements. Each <Attribute> must have an id attribute which gives the ID of the attribute. These identifiers are used to reference the attribute within the rest of the configuration file. If another component of the resolver references more than one connector that produces attributes with the same ID, the referencing component sees a single attribute with that ID, whose values are the union of all the values for the attributes with that ID. In other words, the attributes are merged into a single attribute.
Each <Attribute> element contains one or more <Value> elements. The contents of each <Value> element represent a value for the attribute. An <Attribute> containing 3 <Value> elements would be transformed into an attribute object with three string values.
<resolver:DataConnector id="UniqueConnectorID" xsi:type="Static" xmlns="urn:mace:shibboleth:2.0:resolver:dc">
    <Attribute id="AttributeID1">
        <Value>value1</Value>
    </Attribute>
    <Attribute id="AttributeID2">
        <Value>valueA</Value>
        <Value>valueB</Value>
    </Attribute>
</resolver:DataConnector>
Examples
The first example adds the value urn:mace:dir:entitlement:common-lib-terms to eduPersonEntitlement for all users. The name and value must still be released to SPs. This is cumulative with eduPersonEntitlements granted by other connectors.
<resolver:DataConnector id="staticEntitlements" xsi:type="dc:Static" xmlns="urn:mace:shibboleth:2.0:resolver:dc">
    <Attribute id="eduPersonEntitlement">
        <Value>urn:mace:dir:entitlement:common-lib-terms</Value>
    </Attribute>
</resolver:DataConnector>
The second example adds the values urn:mace:dir:entitlement:common-lib-terms and urn:example.org:permissions:portal to eduPersonEntitlement for all users and gives them a base eduPersonAffiliation of member. The name and value must still be released to SPs. This is cumulative with eduPersonEntitlements and eduPersonAffiliations granted by other connectors.
<resolver:DataConnector id="staticAttributes" xsi:type="dc:Static" xmlns="urn:mace:shibboleth:2.0:resolver:dc">
    <Attribute id="eduPersonEntitlement">
        <Value>urn:mace:dir:entitlement:common-lib-terms</Value>
        <Value>urn:example.org:permissions:portal</Value>
    </Attribute>
    <Attribute id="eduPersonAffiliation">
        <Value>member</Value>
    </Attribute>
</resolver:DataConnector>
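Because a static connector asserts its values for every user, it is worth auditing which values a resolver file grants this way and what the merged attribute looks like. The following Python script is an added example, not part of the original page or of the Shibboleth code base. The wrapping resolver:AttributeResolver element, the namespace bound to the resolver: prefix, and loading both example connectors in one file are assumptions made for the constructed sample; static_grants and merged_values are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

RESOLVER_NS = "urn:mace:shibboleth:2.0:resolver"  # assumed binding of the resolver: prefix
DC_NS = "urn:mace:shibboleth:2.0:resolver:dc"     # namespace given on the page
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the page's two example connectors inside an assumed wrapper element.
SAMPLE = """\
<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <resolver:DataConnector id="staticEntitlements" xsi:type="dc:Static" xmlns="urn:mace:shibboleth:2.0:resolver:dc">
    <Attribute id="eduPersonEntitlement">
      <Value>urn:mace:dir:entitlement:common-lib-terms</Value>
    </Attribute>
  </resolver:DataConnector>
  <resolver:DataConnector id="staticAttributes" xsi:type="dc:Static" xmlns="urn:mace:shibboleth:2.0:resolver:dc">
    <Attribute id="eduPersonEntitlement">
      <Value>urn:mace:dir:entitlement:common-lib-terms</Value>
      <Value>urn:example.org:permissions:portal</Value>
    </Attribute>
    <Attribute id="eduPersonAffiliation">
      <Value>member</Value>
    </Attribute>
  </resolver:DataConnector>
</resolver:AttributeResolver>
"""

def static_grants(xml_text):
    """Map attribute ID -> {value: [IDs of the Static connectors asserting it]}."""
    grants = defaultdict(dict)
    for conn in ET.fromstring(xml_text).iter(f"{{{RESOLVER_NS}}}DataConnector"):
        # Simplification: only the local part of xsi:type is compared ("Static" or "dc:Static").
        if conn.get(XSI_TYPE, "").split(":")[-1] != "Static":
            continue
        for attr in conn.findall(f"{{{DC_NS}}}Attribute"):
            for val in attr.findall(f"{{{DC_NS}}}Value"):
                text = (val.text or "").strip()
                grants[attr.get("id")].setdefault(text, []).append(conn.get("id"))
    return dict(grants)

def merged_values(xml_text):
    """Union of values per attribute ID, as seen by a component referencing every connector."""
    return {a: sorted(v) for a, v in static_grants(xml_text).items()}

if __name__ == "__main__":
    for attr_id, values in static_grants(SAMPLE).items():
        for value, sources in values.items():
            print(f"every user: {attr_id} = {value} (from {', '.join(sources)})")
```

The duplicate common-lib-terms value appears once in the merged result, and the per-value connector list shows where each blanket grant comes from when reviewing what is released to SPs.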