1 <?xml version="1.0" encoding="UTF-8"?>
4 This file is an EXAMPLE configuration file. Deployers should NOT attempt to use this
5 without modifying it for their environment. In particular, deployers will need to edit
6 data connector configurations.
8 Not all attribute definitions, data connectors, or principal connectors are demonstrated.
9 Deployers should refer to the Shibboleth 2 documentation for a complete list of components
14 <AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver" xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
15 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
16 xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
17 xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" xmlns:sec="urn:mace:shibboleth:2.0:security"
18 xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
19 urn:mace:shibboleth:2.0:resolver:pc classpath:/schema/shibboleth-2.0-attribute-resolver-pc.xsd
20 urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd
21 urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd
22 urn:mace:shibboleth:2.0:attribute:encoder classpath:/schema/shibboleth-2.0-attribute-encoder.xsd
23 urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd">
25 <!-- ========================================== -->
26 <!-- Attribute Definitions -->
27 <!-- ========================================== -->
29 <!-- Schema: Core schema attributes-->
30 <resolver:AttributeDefinition id="uid" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
31 sourceAttributeID="uid">
32 <resolver:Dependency ref="myLDAP" />
34 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
35 name="urn:mace:dir:attribute-def:uid" />
37 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
38 name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" />
39 </resolver:AttributeDefinition>
41 <resolver:AttributeDefinition id="mail" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
42 sourceAttributeID="mail">
43 <resolver:Dependency ref="myLDAP" />
45 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
46 name="urn:mace:dir:attribute-def:mail" />
48 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
49 name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" />
50 </resolver:AttributeDefinition>
52 <resolver:AttributeDefinition id="homePhone" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
53 sourceAttributeID="homePhone">
54 <resolver:Dependency ref="myLDAP" />
56 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
57 name="urn:mace:dir:attribute-def:homePhone" />
59 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
60 name="urn:oid:0.9.2342.19200300.100.1.20" friendlyName="homePhone" />
61 </resolver:AttributeDefinition>
63 <resolver:AttributeDefinition id="homePostalAddress" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
64 sourceAttributeID="homePostalAddress">
65 <resolver:Dependency ref="myLDAP" />
67 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
68 name="urn:mace:dir:attribute-def:homePostalAddress" />
70 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
71 name="urn:oid:0.9.2342.19200300.100.1.39" friendlyName="homePostalAddress" />
72 </resolver:AttributeDefinition>
74 <resolver:AttributeDefinition id="mobile" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
75 sourceAttributeID="mobile">
76 <resolver:Dependency ref="myLDAP" />
78 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
79 name="urn:mace:dir:attribute-def:mobile" />
81 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
82 name="urn:oid:0.9.2342.19200300.100.1.41" friendlyName="mobile" />
83 </resolver:AttributeDefinition>
85 <resolver:AttributeDefinition id="pager" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
86 sourceAttributeID="pager">
87 <resolver:Dependency ref="myLDAP" />
89 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
90 name="urn:mace:dir:attribute-def:pager" />
92 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
93 name="urn:oid:0.9.2342.19200300.100.1.42" friendlyName="pager" />
94 </resolver:AttributeDefinition>
96 <resolver:AttributeDefinition id="uniqueId" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
97 sourceAttributeID="uniqueIdentifier">
98 <resolver:Dependency ref="myLDAP" />
100 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
101 name="urn:mace:dir:attribute-def:uniqueIdentifier" />
103 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
104 name="urn:oid:0.9.2342.19200300.100.1.44" friendlyName="uniqueIdentifier" />
105 </resolver:AttributeDefinition>
107 <resolver:AttributeDefinition id="cn" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
108 sourceAttributeID="cn">
109 <resolver:Dependency ref="myLDAP" />
111 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
112 name="urn:mace:dir:attribute-def:cn" />
114 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
115 name="urn:oid:2.5.4.3" friendlyName="cn" />
116 </resolver:AttributeDefinition>
118 <resolver:AttributeDefinition id="surname" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
119 sourceAttributeID="surname">
120 <resolver:Dependency ref="myLDAP" />
122 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
123 name="urn:mace:dir:attribute-def:surname" />
125 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
126 name="urn:oid:2.5.4.4" friendlyName="surname" />
127 </resolver:AttributeDefinition>
129 <resolver:AttributeDefinition id="countryName" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
130 sourceAttributeID="countryName">
131 <resolver:Dependency ref="myLDAP" />
133 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
134 name="urn:mace:dir:attribute-def:countryName" />
136 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
137 name="urn:oid:2.5.4.6" friendlyName="countryName" />
138 </resolver:AttributeDefinition>
140 <resolver:AttributeDefinition id="localityName" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
141 sourceAttributeID="localityName">
142 <resolver:Dependency ref="myLDAP" />
144 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
145 name="urn:mace:dir:attribute-def:localityName" />
147 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
148 name="urn:oid:2.5.4.7" friendlyName="localityName" />
149 </resolver:AttributeDefinition>
151 <resolver:AttributeDefinition id="stateOrProvinceName" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
152 sourceAttributeID="stateOrProvinceName">
153 <resolver:Dependency ref="myLDAP" />
155 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
156 name="urn:mace:dir:attribute-def:stateOrProvinceName" />
158 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
159 name="urn:oid:2.5.4.8" friendlyName="stateOrProvinceName" />
160 </resolver:AttributeDefinition>
162 <resolver:AttributeDefinition id="streetAddress" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
163 sourceAttributeID="streetAddress">
164 <resolver:Dependency ref="myLDAP" />
166 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
167 name="urn:mace:dir:attribute-def:streetAddress" />
169 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
170 name="urn:oid:2.5.4.9" friendlyName="streetAddress" />
171 </resolver:AttributeDefinition>
173 <resolver:AttributeDefinition id="organizationName" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
174 sourceAttributeID="organizationName">
175 <resolver:Dependency ref="myLDAP" />
177 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
178 name="urn:mace:dir:attribute-def:organizationName" />
180 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
181 name="urn:oid:2.5.4.10" friendlyName="organizationName" />
182 </resolver:AttributeDefinition>
184 <resolver:AttributeDefinition id="organizationalUnitName" xsi:type="Simple"
185 xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="organizationalUnitName">
186 <resolver:Dependency ref="myLDAP" />
188 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
189 name="urn:mace:dir:attribute-def:organizationalUnitName" />
191 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
192 name="urn:oid:2.5.4.11" friendlyName="organizationalUnitName" />
193 </resolver:AttributeDefinition>
195 <resolver:AttributeDefinition id="title" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
196 sourceAttributeID="title">
197 <resolver:Dependency ref="myLDAP" />
199 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
200 name="urn:mace:dir:attribute-def:title" />
202 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
203 name="urn:oid:2.5.4.12" friendlyName="title" />
204 </resolver:AttributeDefinition>
206 <resolver:AttributeDefinition id="postalAddress" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
207 sourceAttributeID="postalAddress">
208 <resolver:Dependency ref="myLDAP" />
210 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
211 name="urn:mace:dir:attribute-def:postalAddress" />
213 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
214 name="urn:oid:2.5.4.16" friendlyName="postalAddress" />
215 </resolver:AttributeDefinition>
217 <resolver:AttributeDefinition id="postalCode" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
218 sourceAttributeID="postalCode">
219 <resolver:Dependency ref="myLDAP" />
221 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
222 name="urn:mace:dir:attribute-def:postalCode" />
224 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
225 name="urn:oid:2.5.4.17" friendlyName="postalCode" />
226 </resolver:AttributeDefinition>
228 <resolver:AttributeDefinition id="postOfficeBox" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
229 sourceAttributeID="postOfficeBox">
230 <resolver:Dependency ref="myLDAP" />
232 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
233 name="urn:mace:dir:attribute-def:postOfficeBox" />
235 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
236 name="urn:oid:2.5.4.18" friendlyName="postOfficeBox" />
237 </resolver:AttributeDefinition>
239 <resolver:AttributeDefinition id="telephoneNumber" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
240 sourceAttributeID="telephoneNumber">
241 <resolver:Dependency ref="myLDAP" />
243 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
244 name="urn:mace:dir:attribute-def:telephoneNumber" />
246 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
247 name="urn:oid:2.5.4.20" friendlyName="telephoneNumber" />
248 </resolver:AttributeDefinition>
250 <resolver:AttributeDefinition id="member" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
251 sourceAttributeID="member">
252 <resolver:Dependency ref="myLDAP" />
254 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
255 name="urn:mace:dir:attribute-def:member" />
257 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
258 name="urn:oid:2.5.4.31" friendlyName="member" />
259 </resolver:AttributeDefinition>
261 <resolver:AttributeDefinition id="name" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
262 sourceAttributeID="name">
263 <resolver:Dependency ref="myLDAP" />
265 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
266 name="urn:mace:dir:attribute-def:name" />
268 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
269 name="urn:oid:2.5.4.41" friendlyName="name" />
270 </resolver:AttributeDefinition>
272 <resolver:AttributeDefinition id="givenName" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
273 sourceAttributeID="givenName">
274 <resolver:Dependency ref="myLDAP" />
276 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
277 name="urn:mace:dir:attribute-def:givenName" />
279 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
280 name="urn:oid:2.5.4.42" friendlyName="givenName" />
281 </resolver:AttributeDefinition>
283 <resolver:AttributeDefinition id="initials" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
284 sourceAttributeID="initials">
285 <resolver:Dependency ref="myLDAP" />
287 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
288 name="urn:mace:dir:attribute-def:initials" />
290 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
291 name="urn:oid:2.5.4.43" friendlyName="initials" />
292 </resolver:AttributeDefinition>
294 <resolver:AttributeDefinition id="distinguishedName" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
295 sourceAttributeID="distinguishedName">
296 <resolver:Dependency ref="myLDAP" />
298 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
299 name="urn:mace:dir:attribute-def:distinguishedName" />
301 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
302 name="urn:oid:2.5.4.49" friendlyName="distinguishedName" />
303 </resolver:AttributeDefinition>
305 <!-- Schema: inetOrgPerson attributes-->
306 <resolver:AttributeDefinition id="departmentNumber" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
307 sourceAttributeID="departmentNumber">
308 <resolver:Dependency ref="myLDAP" />
310 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
311 name="urn:mace:dir:attribute-def:departmentNumber" />
313 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
314 name="urn:oid:2.16.840.1.113730.3.1.2" friendlyName="departmentNumber" />
315 </resolver:AttributeDefinition>
317 <resolver:AttributeDefinition id="employeeNumber" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
318 sourceAttributeID="employeeNumber">
319 <resolver:Dependency ref="myLDAP" />
321 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
322 name="urn:mace:dir:attribute-def:employeeNumber" />
324 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
325 name="urn:oid:2.16.840.1.113730.3.1.3" friendlyName="employeeNumber" />
326 </resolver:AttributeDefinition>
328 <resolver:AttributeDefinition id="employeeType" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
329 sourceAttributeID="employeeType">
330 <resolver:Dependency ref="myLDAP" />
332 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
333 name="urn:mace:dir:attribute-def:employeeType" />
335 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
336 name="urn:oid:2.16.840.1.113730.3.1.4" friendlyName="employeeType" />
337 </resolver:AttributeDefinition>
339 <resolver:AttributeDefinition id="jpegPhoto" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
340 sourceAttributeID="jpegPhoto">
341 <resolver:Dependency ref="myLDAP" />
343 <resolver:AttributeEncoder xsi:type="SAML1Base64" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
344 name="urn:mace:dir:attribute-def:jpegPhoto" />
346 <resolver:AttributeEncoder xsi:type="SAML2Base64" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
347 name="urn:oid:0.9.2342.19200300.100.1.60" friendlyName="jpegPhoto" />
348 </resolver:AttributeDefinition>
350 <resolver:AttributeDefinition id="preferredLanguage" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
351 sourceAttributeID="preferredLanguage">
352 <resolver:Dependency ref="myLDAP" />
354 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
355 name="urn:mace:dir:attribute-def:preferredLanguage" />
357 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
358 name="urn:oid:2.16.840.1.113730.3.1.39" friendlyName="preferredLanguage" />
359 </resolver:AttributeDefinition>
361 <!-- Schema: eduPerson attributes-->
362 <resolver:AttributeDefinition id="affiliation" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
363 sourceAttributeID="eduPersonAffiliation">
364 <resolver:Dependency ref="staticAttributes" />
365 <resolver:Dependency ref="myLDAP" />
367 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
368 name="urn:mace:dir:attribute-def:eduPersonAffiliation" />
370 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
371 name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" friendlyName="eduPersonAffiliation" />
372 </resolver:AttributeDefinition>
374 <resolver:AttributeDefinition id="entitlement" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
375 sourceAttributeID="eduPersonEntitlement">
376 <resolver:Dependency ref="myLDAP" />
378 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
379 name="urn:mace:dir:attribute-def:eduPersonEntitlement" />
381 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
382 name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" />
383 </resolver:AttributeDefinition>
385 <resolver:AttributeDefinition id="nickname" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
386 sourceAttributeID="eduPersonNickname">
387 <resolver:Dependency ref="myLDAP" />
389 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
390 name="urn:mace:dir:attribute-def:eduPersonNickname" />
392 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
393 name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" friendlyName="eduPersonNickname" />
394 </resolver:AttributeDefinition>
396 <resolver:AttributeDefinition id="orgDN" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
397 sourceAttributeID="eduPersonOrgDN">
398 <resolver:Dependency ref="myLDAP" />
400 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
401 name="urn:mace:dir:attribute-def:eduPersonOrgDN" />
403 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
404 name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" friendlyName="eduPersonOrgDN" />
405 </resolver:AttributeDefinition>
407 <resolver:AttributeDefinition id="orgUnitDN" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
408 sourceAttributeID="eduPersonOrgUnitDN">
409 <resolver:Dependency ref="myLDAP" />
411 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
412 name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" />
414 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
415 name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" friendlyName="eduPersonOrgUnitDN" />
416 </resolver:AttributeDefinition>
418 <resolver:AttributeDefinition id="primaryAffiliation" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
419 sourceAttributeID="eduPersonPrimaryAffiliation">
420 <resolver:Dependency ref="myLDAP" />
422 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
423 name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" />
425 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
426 name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" friendlyName="eduPersonPrimaryAffiliation" />
427 </resolver:AttributeDefinition>
429 <resolver:AttributeDefinition id="primaryOrgUnitDN" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
430 sourceAttributeID="eduPersonPrimaryOrgUnitDN">
431 <resolver:Dependency ref="myLDAP" />
433 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
434 name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" />
436 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
437 name="urn:oid:1.3.6.1.4.1.5923.1.1.1.8" friendlyName="eduPersonPrimaryOrgUnitDN" />
438 </resolver:AttributeDefinition>
440 <resolver:AttributeDefinition id="principalName" xsi:type="Scoped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
441 scope="example.org" sourceAttributeID="eduPersonPrincipalName">
442 <resolver:Dependency ref="myLDAP" />
444 <resolver:AttributeEncoder xsi:type="SAML1ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
445 name="urn:mace:dir:attribute-def:eduPersonPrincipalName" />
447 <resolver:AttributeEncoder xsi:type="SAML2ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
448 name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" />
449 </resolver:AttributeDefinition>
451 <resolver:AttributeDefinition id="scopedAffiliation" xsi:type="Scoped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
452 scope="example.org" sourceAttributeID="eduPersonAffiliation">
453 <resolver:Dependency ref="myLDAP" />
455 <resolver:AttributeEncoder xsi:type="SAML1ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
456 name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" />
458 <resolver:AttributeEncoder xsi:type="SAML2ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
459 name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" />
460 </resolver:AttributeDefinition>
462 <resolver:AttributeDefinition id="targetedID" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
463 sourceAttributeID="eduPersonTargetedID">
464 <resolver:Dependency ref="myLDAP" />
466 <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
467 name="urn:mace:dir:attribute-def:eduPersonTargetedID" />
469 <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
470 name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" />
471 </resolver:AttributeDefinition>
474 <!-- Name Identifier related attributes -->
475 <resolver:AttributeDefinition id="transientId" xsi:type="TransientId" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
476 <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier"
477 xmlns="urn:mace:shibboleth:2.0:attribute:encoder" nameFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
479 <resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
480 nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
481 </resolver:AttributeDefinition>
483 <!-- ========================================== -->
484 <!-- Data Connectors -->
485 <!-- ========================================== -->
487 <!-- Example Static Connector -->
488 <resolver:DataConnector id="staticAttributes" xsi:type="Static" xmlns="urn:mace:shibboleth:2.0:resolver:dc">
489 <Attribute id="eduPersonAffiliation">
490 <Value>member</Value>
492 <Attribute id="eduPersonEntitlement">
493 <Value>urn:example.org:entitlement:entitlement1</Value>
494 <Value>urn:mace:dir:entitlement:common-lib-terms</Value>
496 </resolver:DataConnector>
498 <!-- Example Relational Database Connector -->
499 <resolver:DataConnector id="mySIS" xsi:type="RelationalDatabase" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
500 validationQuery="SELECT 1 FROM DUAL">
501 <ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
502 jdbcURL="jdbc:oracle:thin:@db.example.org:1521:SomeDB" jdbcUserName="myid" jdbcPassword="mypassword" />
505 SELECT * FROM student WHERE gzbtpid = $requestContext.principalName
509 <Column columnName="gzbtpid" attributeID="uid" />
510 <Column columnName="fqlft" attributeID="gpa" type="Float" />
511 </resolver:DataConnector>
513 <!-- Example LDAP Connector -->
514 <resolver:DataConnector id="myLDAP" xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
515 ldapUrl="ldap://ldap.example.org" baseDN="ou=people,dc=example,dc=org" principal="uid=myservice,ou=system"
516 principalCredential="myServicePassword">
519 (uid=$requestContext.principalName)
523 </resolver:DataConnector>
525 <!-- ========================================== -->
526 <!-- Principal Connectors -->
527 <!-- ========================================== -->
528 <resolver:PrincipalConnector xsi:type="Transient" xmlns="urn:mace:shibboleth:2.0:resolver:pc" id="shibTransient"
529 nameIDFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
531 <resolver:PrincipalConnector xsi:type="Transient" xmlns="urn:mace:shibboleth:2.0:resolver:pc" id="saml2Transient"
532 nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />