Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
Overview
The Static data connector allows the generation of one or more fixed IdPAttribute objects from a statically-defined configuration.
It's particularly useful for defining "can't fail" backstops as a <FailoverDataConnector> for something more likely to break. While most connectors support various knobs to control error handling, it's quite difficult and sometimes impossible to absolutely guarantee that a weird problem doesn't ripple out and break the rest of the process, and this makes that essentially bulletproof.
It's also occasionally useful for passing statically-defined data to recalcitrant vendors operating badly broken SPs.
Reference
Specific XML Attributes
Name | Type | Description |
---|---|---|
attributeListRef 4.3 | Bean Id | Bean Id of a List<IdPAttribute> which will be the attributes the connector returns. |
Specific XML Elements
Name | Cardinality | Description |
---|---|---|
<Attribute> | 1 or more | Each element defines an IdPAttribute to generate. Note that this is not the same as a <saml:Attribute> element found in other areas of the configuration, but a custom element specific to the resolver. Each element MUST contain an XML Attribute named id that specifies the name of the IdPAttribute to generate. It MUST also contain one or more nested <Value> elements. The text content of the <Value> elements provides the string values of the attribute being generated. |
Common XML Attributes
Name | Type | Default | Description |
---|---|---|---|
id | String | | Identifier for the DataConnector. This is used for logging, to establish dependencies, and as a target for failover. |
activationConditionRef | Bean ID | | Bean ID of a condition to decide whether to resolve this connector, see here. Mutually exclusive with relyingParties and resolutionPhases and variants. |
relyingParties | Space-delimited list | | List of entity IDs for which this connector should be resolved. Mutually exclusive with activationConditionRef. |
excludeRelyingParties | Space-delimited list | | List of entity IDs for which this connector should not be resolved. Mutually exclusive with activationConditionRef. |
resolutionPhases | Space-delimited list | | List of resolution phases (i.e. flows) during which this connector should be resolved. Mutually exclusive with activationConditionRef. |
excludeResolutionPhases | Space-delimited list | | List of resolution phases (i.e. flows) during which this connector should not be resolved. Mutually exclusive with activationConditionRef. |
exportAttributes | Space-delimited list | | List of attributes produced by the DataConnector that should be directly exported as resolved IdPAttributes without requiring actual AttributeDefinitions. In the case of a name clash (a DataConnector exports an attribute with the same name as an AttributeDefinition, or another DataConnector exports the same attribute) the DataConnector attribute is NOT added and a warning issued. |
noRetryDelay | Duration | 0 | Time between retries of a failed DataConnector (during the interval, failure is just assumed when the connector is run and no actual connection is attempted). |
propagateResolutionExceptions | Boolean | true | Whether connector/plugin failure is fatal to the entire attribute resolution process. If this is set to false the error is logged and the data connector returns no attributes. |
Common XML Elements
None of the common elements typical of DataConnectorConfiguration are supported, as this connector has neither dependencies nor failover (since it cannot fail).
Example
Example of a Static DataConnector
<DataConnector id="staticAttributes" xsi:type="Static">
    <Attribute id="eduPersonAffiliation">
        <Value>member</Value>
    </Attribute>
    <Attribute id="eduPersonEntitlement">
        <Value>https://example.org/entitlement/entitlement1</Value>
        <Value>urn:mace:dir:entitlement:common-lib-terms</Value>
    </Attribute>
</DataConnector>
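A pre-deployment check for the rules stated in the reference tables above, written as an added example; it is not part of the Shibboleth documentation or code base. The function name, the constructed sample resolver file, and the treatment of InputDataConnector and InputAttributeDefinition as the dependency elements are assumptions of this example, as is accepting attributeListRef in place of nested <Attribute> elements.

```python
import xml.etree.ElementTree as ET

NS = "urn:mace:shibboleth:2.0:resolver"  # resolver namespace given on this page
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
SCOPING = ("relyingParties", "excludeRelyingParties",
           "resolutionPhases", "excludeResolutionPhases")
# Dependency/failover children; the last two names are assumed by this example.
UNSUPPORTED = ("FailoverDataConnector", "InputDataConnector",
               "InputAttributeDefinition")

# Constructed sample: one valid Static connector and one that breaks three rules.
SAMPLE = """<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <DataConnector id="ok" xsi:type="Static">
    <Attribute id="eduPersonAffiliation"><Value>member</Value></Attribute>
  </DataConnector>
  <DataConnector id="bad" xsi:type="Static" activationConditionRef="cond"
      relyingParties="https://sp.example.org/shibboleth">
    <Attribute id="eduPersonEntitlement"/>
    <FailoverDataConnector ref="ok"/>
  </DataConnector>
</AttributeResolver>"""

def lint_static_connectors(xml_text):
    """Return (connector id, problem) pairs for every Static DataConnector."""
    problems = []
    for dc in ET.fromstring(xml_text).iter(f"{{{NS}}}DataConnector"):
        # xsi:type is a QName, so tolerate a prefix such as "resolver:Static".
        if dc.get(XSI_TYPE, "").split(":")[-1] != "Static":
            continue
        cid = dc.get("id", "<no id>")
        attrs = dc.findall(f"{{{NS}}}Attribute")
        if not attrs and not dc.get("attributeListRef"):
            problems.append((cid, "no <Attribute> and no attributeListRef"))
        for attr in attrs:
            if not attr.get("id"):
                problems.append((cid, "<Attribute> without id"))
            if not attr.findall(f"{{{NS}}}Value"):
                problems.append((cid, f"{attr.get('id')}: no <Value>"))
        clash = [name for name in SCOPING if dc.get(name) is not None]
        if dc.get("activationConditionRef") is not None and clash:
            problems.append((cid, "activationConditionRef with " + ", ".join(clash)))
        for child in UNSUPPORTED:
            if dc.find(f"{{{NS}}}{child}") is not None:
                problems.append((cid, f"<{child}> not supported"))
    return problems

if __name__ == "__main__":
    for cid, problem in lint_static_connectors(SAMPLE):
        print(f"{cid}: {problem}")
```

Connectors of other types are skipped, so the check can be run over a complete resolver file.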
Spring Configuration 4.3
The Static Data Connector can be configured in native Spring XML via the attributeListRef attribute.
Example Spring configuration : conf/attribute-resolver.xml
<DataConnector id="staticAttributesSpring" xsi:type="Static" attributeListRef="StaticAttributeList"/>
The Spring Resource must provide a bean of type Collection<IdPAttribute> populated via Collection<IdPAttributeValue>.
Example Spring configuration : conf/staticAttributesSpring.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
       default-init-method="initialize" default-destroy-method="destroy">
    <util:list id="StaticAttributeList">
        <bean class="net.shibboleth.idp.attribute.IdPAttribute" c:_0="exampleAttributeId1">
            <property name="values">
                <list>
                    <bean class="net.shibboleth.idp.attribute.StringAttributeValue" c:_0="exampleAttributeValue1" />
                    <bean class="net.shibboleth.idp.attribute.StringAttributeValue" c:_0="exampleAttributeValue2" />
                </list>
            </property>
        </bean>
        <bean class="net.shibboleth.idp.attribute.IdPAttribute" c:_0="exampleAttributeId2">
            <property name="values">
                <list>
                    <bean class="net.shibboleth.idp.attribute.StringAttributeValue" c:_0="exampleAttributeValue3" />
                </list>
            </property>
        </bean>
    </util:list>
</beans>