1 <?xml version="1.0" encoding="UTF-8"?>
3 <AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
4 xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
5 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
6 xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
7 xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
8 xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
9 xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder"
10 xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
11 urn:mace:shibboleth:2.0:resolver:pc classpath:/schema/shibboleth-2.0-attribute-resolver-pc.xsd
12 urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd
13 urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd
14 urn:mace:shibboleth:2.0:attribute:encoder classpath:/schema/shibboleth-2.0-attribute-encoder.xsd">
16 <!-- ========================================== -->
17 <!-- Attribute Definitions -->
18 <!-- ========================================== -->
<!--
  principalName: exposes the authenticated principal as an attribute and
  encodes it both as a SAML 1 NameIdentifier and as a SAML 2 NameID.
  NOTE(review): the SAML 2 encoder uses the "unspecified" format, so the raw
  login name is presumably what a relying party receives as the subject.
  Whether it is released at all is decided by the attribute filter policy,
  which is not part of this file. Confirm that policy limits it to the
  relying parties that need it.
-->
<resolver:AttributeDefinition xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              xsi:type="PrincipalName"
                              id="principalName">
  <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                             xsi:type="SAML1StringNameIdentifier"
                             nameFormat="urn:mace:shibboleth:1.0:nameIdentifier"/>
  <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                             xsi:type="SAML2StringNameID"
                             nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"/>
</resolver:AttributeDefinition>
29 <!-- Example attribute definitions -->
<!--
  uid: a Simple definition fed by the myLDAP data connector and encoded as a
  name identifier for both SAML versions. Neither encoder sets nameFormat, so
  whatever default the encoder applies is used.
  NOTE(review): principalName also carries name-identifier encoders. Confirm
  which of the two is meant to supply the subject identifier for a given
  relying party, so that the choice is not left to resolution order.
-->
<resolver:AttributeDefinition xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              xsi:type="Simple"
                              id="uid">
  <resolver:Dependency ref="myLDAP"/>
  <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                             xsi:type="SAML2StringNameID"/>
  <resolver:AttributeEncoder xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                             xsi:type="enc:SAML1StringNameIdentifier"/>
</resolver:AttributeDefinition>
<!--
  scopedPrimaryAffiliation: a Scoped definition that reads
  eduPersonPrimaryAffiliation from the myLDAP connector and encodes it under
  the eduPersonScopedAffiliation name for SAML 1 and SAML 2.
  NOTE(review): the listing jumps from line 41 to line 43 inside the start
  tag and no scope attribute is visible. A scoped value needs a scope, so the
  skipped line presumably carried it. Confirm against the deployed file. The
  scope is what a relying party uses to decide which organisation asserted
  the affiliation, so it must be a domain this IdP is authoritative for.
-->
41 <resolver:AttributeDefinition id="scopedPrimaryAffiliation" xsi:type="Scoped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
43 sourceAttributeID="eduPersonPrimaryAffiliation">
44 <resolver:Dependency ref="myLDAP" />
46 <resolver:AttributeEncoder xsi:type="SAML1ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
47 name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"/>
49 <resolver:AttributeEncoder xsi:type="SAML2ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
50 name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"/>
52 </resolver:AttributeDefinition>
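<!--
  affiliation: a Simple definition that takes eduPersonAffiliation from two
  sources, the staticAttributes connector and the myLDAP connector, and
  encodes it for SAML 1 (urn:mace name) and SAML 2 (OID name with a friendly
  name).
  The source attribute is named with sourceAttributeID, the same attribute
  the scopedPrimaryAffiliation definition in this file uses. The previous
  spelling "sourceAttribute" did not match it and would be expected to fail
  schema validation when the resolver configuration is loaded.
  NOTE(review): with two dependencies the static value is presumably combined
  with whatever LDAP returns. Confirm that every principal is meant to receive
  the static affiliation in addition to the directory values.
-->
<resolver:AttributeDefinition id="affiliation" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              sourceAttributeID="eduPersonAffiliation">
  <resolver:Dependency ref="staticAttributes" />
  <resolver:Dependency ref="myLDAP" />
  <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                             name="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
  <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                             name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
                             friendlyName="eduPersonAffiliation"/>
</resolver:AttributeDefinition>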
<!--
  fullName: a Script definition that depends on myLDAP and builds one value
  from the first givenName value, a space, and the first sn value.
  NOTE(review): the listing skips lines 73-75 and 79-80, so the element that
  wraps the script text is not visible here. Do not copy this block as-is.
  NOTE(review): the definition id is "fullName" but the script creates
  "fullname" (lower-case n). If the resolver looks the result up by the
  definition id, this definition yields no values. Confirm and align the two.
  NOTE(review): first() is called on givenName and sn without checking that
  they hold a value, so an entry lacking either attribute presumably makes the
  script fail. Decide whether that should abort resolution or yield no value.
-->
71 <resolver:AttributeDefinition id="fullName" xsi:type="Script" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
72 <resolver:Dependency ref="myLDAP" />
76 importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
77 fullname = new BasicAttribute("fullname");
78 fullname.getValues().add(givenName.getValues().first() + " " + sn.getValues().first());
81 </resolver:AttributeDefinition>
85 <!-- ========================================== -->
86 <!-- Data Connectors -->
87 <!-- ========================================== -->
89 <!-- Example Static Connector -->
<!--
  staticAttributes: a Static connector that supplies fixed values for
  eduPersonAffiliation and eduPersonEntitlement. The affiliation definition
  in this file depends on it.
  NOTE(review): the listing skips lines 93-94 and 98, so the affiliation
  value and the closing Attribute tags are not visible here.
  NOTE(review): a static connector hands the same values to every principal
  that is resolved through it. Entitlement values are commonly used by
  relying parties for authorization, so asserting them for all users should
  be a deliberate decision, and their release should be limited in the
  attribute filter policy.
-->
91 <resolver:DataConnector id="staticAttributes" xsi:type="Static" xmlns="urn:mace:shibboleth:2.0:resolver:dc">
92 <Attribute id="eduPersonAffiliation">
95 <Attribute id="eduPersonEntitlement">
96 <Value>urn:example.org:entitlement:entitlement1</Value>
97 <Value>urn:mace:dir:entitlement:common-lib-terms</Value>
99 </resolver:DataConnector>
102 <!-- Example Relational Database Connector -->
<!--
  mySIS: a RelationalDatabase connector that opens its own JDBC connection to
  an Oracle database, runs one query per principal, and maps column gzbtpid to
  attribute uid and column fqlft to attribute gpa (as Float). No attribute
  definition visible in this file depends on it.
  NOTE(review): the listing skips lines 107 and 109-114, so the user name
  attribute and the element that wraps the query text are not visible here.
  NOTE(review): jdbcPassword is stored in clear text in this file. Restrict
  the file to the account the IdP runs as, keep it out of version control,
  and use a database account limited to read access on the columns needed.
  NOTE(review): the principal name is substituted into the SQL text and is
  shown unquoted. Confirm whether the connector escapes the substituted
  value. If it does not, a principal name containing SQL metacharacters
  changes the statement. Constrain the allowed characters of login names at
  authentication time as well.
  NOTE(review): SELECT * fetches every column of the student row although
  only two are mapped. Naming the needed columns keeps unrelated student data
  out of the IdP.
-->
104 <resolver:DataConnector id="mySIS" xsi:type="RelationalDatabase" xmlns="urn:mace:shibboleth:2.0:resolver:dc">
105 <ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
106 jdbcUrl="jdbc:oracle:thin:@db.example.org:1521:SomeDB"
108 jdbcPassword="mypassword" />
111 SELECT * FROM student WHERE gzbtpid = $requestContext.principalName
115 <Column columnName="gzbtpid" attributeID="uid"/>
116 <Column columnName="fqlft" attributeID="gpa" type="Float"/>
117 </resolver:DataConnector>
120 <!-- Example LDAP Connector -->
<!--
  myLDAP: an LDAPDirectory connector that binds as uid=myservice,ou=system,
  searches under ou=people,dc=example,dc=org with a uid filter built from the
  principal name, and feeds the uid, scopedPrimaryAffiliation, affiliation and
  fullName definitions in this file.
  NOTE(review): the listing skips lines 127-128 and 130-132, so the element
  that wraps the filter text is not visible here.
  NOTE(review): ldapUrl uses the ldap:// scheme and no TLS setting is visible,
  so the bind password and every returned attribute would cross the network
  unencrypted. Use an ldaps:// URL or set useStartTLS="true", and make sure
  the directory server certificate is actually validated.
  NOTE(review): principalCredential is stored in clear text in this file.
  Restrict the file to the account the IdP runs as, keep it out of version
  control, and give the service account read access only to the attributes
  this resolver needs.
  NOTE(review): the principal name is substituted into the search filter.
  Confirm whether the connector escapes LDAP filter metacharacters in the
  substituted value. If it does not, a crafted login name can widen or change
  the search.
-->
122 <resolver:DataConnector id="myLDAP" xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
123 ldapUrl="ldap://ldap.example.org"
124 baseDN="ou=people,dc=example,dc=org"
125 principal="uid=myservice,ou=system"
126 principalCredential="myServicePassword">
129 (uid=$requestContext.principalName)
133 </resolver:DataConnector>
136 <!-- ========================================== -->
137 <!-- Principal Connectors -->
138 <!-- ========================================== -->
<!--
  Two Direct principal connectors, one per SAML version, both registered for
  the "unspecified" name identifier format.
  NOTE(review): a Direct connector presumably takes the incoming identifier
  value as the principal name without any lookup. That pairs with the
  principalName definition, which sends the login name out in the same
  format. Confirm that only trusted relying parties can present such
  identifiers (for example in attribute queries), because whatever value
  they send selects the user whose attributes are resolved.
-->
<resolver:PrincipalConnector xmlns="urn:mace:shibboleth:2.0:resolver:pc"
                             xsi:type="Direct"
                             id="saml1UnspecDirect"
                             nameIDFormat="urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified"/>
<resolver:PrincipalConnector xmlns="urn:mace:shibboleth:2.0:resolver:pc"
                             xsi:type="Direct"
                             id="saml2UnspecDirect"
                             nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"/>