1 <?xml version="1.0" encoding="UTF-8"?>
3 <AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
4 xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
5 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
6 xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
7 xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
8 xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
9 xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder"
10 xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
11 urn:mace:shibboleth:2.0:resolver:pc classpath:/schema/shibboleth-2.0-attribute-resolver-pc.xsd
12 urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd
13 urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd
14 urn:mace:shibboleth:2.0:attribute:encoder classpath:/schema/shibboleth-2.0-attribute-encoder.xsd">
16 <!-- ========================================== -->
17 <!-- Attribute Definitions -->
18 <!-- ========================================== -->
20 <!-- Example attribute definitions -->
<!-- Simple definition "uid": its only declared dependency is the myLDAP data connector.
     No sourceAttributeID and no AttributeEncoder appear in this listing; presumably the
     source attribute defaults to the definition id, and without an encoder the value is
     usable by other resolver components but not written into assertions. Confirm. -->
22 <resolver:AttributeDefinition id="uid" xsi:type="ad:Simple">
23 <resolver:DataConnectorDependency ref="myLDAP" />
24 </resolver:AttributeDefinition>
<!-- Scoped definition built from eduPersonPrimaryAffiliation as returned by myLDAP.
     NOTE(review): no scope attribute is visible on the start tag (gutter line 29 is absent
     from this listing); confirm the deployed file sets one.
     NOTE(review): both string encoders publish the value under the name
     eduPersonScopedAffiliation although the source is the primary affiliation. Service
     providers commonly base access decisions on that name, so confirm the mapping is intended.
     NOTE(review): the SAML2StringNameID encoder presumably also lets this value be sent as
     a name identifier; confirm that is wanted for an affiliation value. -->
28 <resolver:AttributeDefinition id="scopedPrimaryAffiliation" xsi:type="ad:Scoped"
30 sourceAttributeID="eduPersonPrimaryAffiliation">
31 <resolver:DataConnectorDependency ref="myLDAP" />
33 <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString"
34 name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"/>
36 <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString"
37 name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"/>
39 <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID" />
41 </resolver:AttributeDefinition>
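<!-- Simple definition "affiliation", sourced from eduPersonAffiliation and encoded as a
     SAML 1 string (urn:mace:dir name) and a SAML 2 string (eduPerson OID).
     The source is named with sourceAttributeID, as in the scopedPrimaryAffiliation definition,
     and the SAML 1 name is spelled eduPersonAffiliation so that it matches the attribute
     relying parties look for.
     NOTE(review): the definition depends on both staticAttributes and myLDAP. staticAttributes
     supplies the fixed value "member", so presumably every resolved principal carries that value
     whatever the directory returns. Confirm this is intended before the attribute is released
     for authorization decisions. -->
45 <resolver:AttributeDefinition id="affiliation" xsi:type="ad:Simple"
46 sourceAttributeID="eduPersonAffiliation">
47 <resolver:DataConnectorDependency ref="staticAttributes" />
48 <resolver:DataConnectorDependency ref="myLDAP" />
50 <resolver:AttributeEncoder xsi:type="enc:SAML1String"
51 name="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
53 <resolver:AttributeEncoder xsi:type="enc:SAML2String"
54 name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
55 friendlyName="eduPersonAffiliation"/>
56 </resolver:AttributeDefinition>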
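<!-- Scripted definition "fullName": joins the first givenName value and the first sn value
     from myLDAP with a single space.
     xsi:type carries the ad: prefix like the other definitions in this file. An unprefixed
     type name resolves against the default namespace, which is the resolver namespace here.
     NOTE(review): the element and CDATA wrapper around the script lines are not visible in
     this listing (gutter lines 62 to 64 and 68 to 69 are absent).
     NOTE(review): the script assigns to "fullname" while the definition id is "fullName";
     confirm which variable name the script engine expects to be populated.
     NOTE(review): first() is called without checking that givenName and sn resolved to a
     value; confirm how a directory entry lacking either one is handled. -->
60 <resolver:AttributeDefinition id="fullName" xsi:type="ad:Script" >
61 <resolver:DataConnectorDependency ref="myLDAP" />
65 importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
66 fullname = new BasicAttribute("fullname");
67 fullname.getValues().add(givenName.getValues().first() + " " + sn.getValues().first());
70 </resolver:AttributeDefinition>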
74 <!-- ========================================== -->
75 <!-- Data Connectors -->
76 <!-- ========================================== -->
78 <!-- Example Static Connector -->
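<!-- Static connector: returns the same values for every principal, independent of any
     directory or database lookup. Each dc:Attribute element is closed explicitly so the
     connector is well formed.
     NOTE(review): affiliation and entitlement values are commonly consumed by service
     providers for authorization. Because these are granted unconditionally, limit their
     release in the attribute filter policy and replace the example values before deployment. -->
80 <resolver:DataConnector id="staticAttributes" xsi:type="dc:Static">
81 <dc:Attribute id="eduPersonAffiliation">
82 <dc:Value>member</dc:Value>
83 </dc:Attribute>
84 <dc:Attribute id="eduPersonEntitlement">
85 <dc:Value>urn:example.org:entitlement:entitlement1</dc:Value>
86 <dc:Value>urn:mace:dir:entitlement:common-lib-terms</dc:Value>
87 </dc:Attribute>
88 </resolver:DataConnector>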
91 <!-- Example Relational Database Connector -->
<!-- Relational database connector "mySIS": runs the query below against the student table
     and maps column gzbtpid to attribute uid and column fqlft to attribute gpa (as Float).
     NOTE(review): the query line substitutes ${principal} directly into the SQL text, unquoted.
     This is string-built SQL on a login-derived value. Confirm that the deployed IdP version
     escapes the substituted value, and constrain upstream what a principal name may contain.
     NOTE(review): SELECT * returns every column of student although only two are mapped.
     Naming the needed columns and using a read-only database account limits what a faulty
     query can expose.
     NOTE(review): jdbcPassword is stored in clear text in this file (the value shown is a
     placeholder). Restrict read access to the file and keep real credentials out of version
     control.
     The user name attribute and the query template wrapper are not visible in this listing
     (gutter lines 96, 98 to 99 and 101 to 103 are absent). -->
93 <resolver:DataConnector id="mySIS" xsi:type="dc:RelationalDatabase">
94 <dc:ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
95 jdbcUrl="jdbc:oracle:thin:@db.example.org:1521:SomeDB"
97 jdbcPassword="mypassword" />
100 SELECT * FROM student WHERE gzbtpid = ${principal}
104 <dc:Column columnName="gzbtpid" attributeID="uid"/>
105 <dc:Column columnName="fqlft" attributeID="gpa" type="Float"/>
106 </resolver:DataConnector>
109 <!-- Example LDAP Connector -->
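<!-- LDAP connector "myLDAP": searches under ou=people,dc=example,dc=org, binding as the
     service account given in principal / principalCredential.
     xsi:type carries the dc: prefix like the other connectors in this file. An unprefixed
     type name resolves against the default namespace, which is the resolver namespace here.
     NOTE(review): ldapUrl uses the ldap:// scheme. Unless StartTLS is enabled (useStartTLS)
     or the URL is switched to ldaps://, the bind password and the returned attributes
     presumably cross the network unencrypted. Confirm the transport settings of the
     deployed file.
     NOTE(review): principalCredential is stored in clear text in this file (the value shown
     is a placeholder). Restrict read access to the file, and give the service account
     read-only access to the attributes that are actually resolved.
     The search filter template is not visible in this listing (gutter lines 116 to 121
     are absent). -->
111 <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
112 ldapUrl="ldap://ldap.example.org"
113 baseDN="ou=people,dc=example,dc=org"
114 principal="uid=myservice,ou=system"
115 principalCredential="myServicePassword">
122 </resolver:DataConnector>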
125 <!-- ========================================== -->
126 <!-- Principal Connectors -->
127 <!-- ========================================== -->
<!-- Direct principal connector for name identifiers in the SAML 1.0 "unspecified" format.
     NOTE(review): presumably pc:Direct takes the incoming name identifier value as the
     principal name without further mapping. The "unspecified" format carries no semantics
     of its own, so confirm which requesters are allowed to send it and that attribute
     release is still bounded by the filter policy.
     No id attribute or requester restriction is visible in this listing (gutter line 129
     is absent). -->
128 <resolver:PrincipalConnector xsi:type="pc:Direct"
130 nameIDFormat="urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified" />