1 <?xml version="1.0" encoding="UTF-8"?>
3 <AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
4 xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
5 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
6 xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
7 xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
8 xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
9 xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder"
10 xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
11 urn:mace:shibboleth:2.0:resolver:pc classpath:/schema/shibboleth-2.0-attribute-resolver-pc.xsd
12 urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd
13 urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd
14 urn:mace:shibboleth:2.0:attribute:encoder classpath:/schema/shibboleth-2.0-attribute-encoder.xsd">
16 <!-- ========================================== -->
17 <!-- Attribute Definitions -->
18 <!-- ========================================== -->
20 <!-- Example attribute definitions -->
<!-- "uid" attribute definition of type ad:Simple. Its single declared dependency is
     the "myLDAP" data connector; no AttributeEncoder is attached in this block. -->
<resolver:AttributeDefinition xsi:type="ad:Simple" id="uid">
    <resolver:DataConnectorDependency ref="myLDAP"/>
</resolver:AttributeDefinition>
<!-- "scopedPrimaryAffiliation": ad:Scoped definition that reads
     eduPersonPrimaryAffiliation (sourceAttributeID) and declares the "myLDAP"
     connector as its dependency. Three encoders are attached.
     NOTE(review): both scoped-string encoders publish the value under the name
     eduPersonScopedAffiliation although the source is the primary affiliation;
     confirm that relying parties are meant to receive it under that name.
     NOTE(review): no scope attribute is visible on the start tag in this listing;
     confirm where the scope value comes from. -->
28 <resolver:AttributeDefinition id="scopedPrimaryAffiliation" xsi:type="ad:Scoped"
30 sourceAttributeID="eduPersonPrimaryAffiliation">
31 <resolver:DataConnectorDependency ref="myLDAP" />
33 <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString"
34 name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"/>
36 <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString"
37 name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"/>
<!-- NOTE(review): this encoder presumably allows the value to be sent as a SAML 2
     name identifier. An affiliation is shared by many users and does not identify
     a single subject; confirm this is intended. -->
39 <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID" />
<!-- NOTE(review): the encoder above is self-closed, so the end tag below has no
     visible start tag in this listing; check the element for well-formedness. -->
41 </resolver:AttributeEncoder>
42 </resolver:AttributeDefinition>
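<!-- "affiliation": ad:Simple definition exposing eduPersonAffiliation. Two data
     connectors are declared as dependencies ("staticAttributes" and "myLDAP").
     NOTE(review): presumably the values of both connectors are combined, so the
     static value is released in addition to whatever the directory holds; confirm. -->
<resolver:AttributeDefinition id="affiliation" xsi:type="ad:Simple"
                              sourceAttributeID="eduPersonAffiliation">
    <resolver:DataConnectorDependency ref="staticAttributes"/>
    <resolver:DataConnectorDependency ref="myLDAP"/>

    <!-- SAML 1 encoding: MACE-Dir URN for eduPersonAffiliation. -->
    <resolver:AttributeEncoder xsi:type="enc:SAML1String"
                               name="urn:mace:dir:attribute-def:eduPersonAffiliation"/>

    <!-- SAML 2 encoding: OID name plus a human-readable friendlyName. -->
    <resolver:AttributeEncoder xsi:type="enc:SAML2String"
                               name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
                               friendlyName="eduPersonAffiliation"/>
</resolver:AttributeDefinition>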
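<!-- "fullName": scripted definition that builds a "fullname" attribute from the
     first givenName value and the first sn value, separated by a space. The
     "myLDAP" connector is the declared dependency. The xsi:type carries the ad:
     prefix like the other attribute definitions in this file.
     The element that wraps the script text is not visible in this listing.
     NOTE(review): first() is called on both value sets without a check; presumably
     the script fails for an entry that lacks givenName or sn. Confirm, and guard
     the lookup if such entries exist.
     NOTE(review): the definition id is "fullName" while the attribute created by
     the script is "fullname"; confirm which identifier the resolver expects. -->
<resolver:AttributeDefinition id="fullName" xsi:type="ad:Script">
    <resolver:DataConnectorDependency ref="myLDAP"/>
    importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
    fullname = new BasicAttribute("fullname");
    fullname.getValues().add(givenName.getValues().first() + " " + sn.getValues().first());
</resolver:AttributeDefinition>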
75 <!-- ========================================== -->
76 <!-- Data Connectors -->
77 <!-- ========================================== -->
79 <!-- Example Static Connector -->
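<!-- Static connector "staticAttributes": supplies the fixed values listed below,
     with no directory or database lookup. Each dc:Attribute element is closed
     explicitly so the connector is well-formed.
     NOTE(review): presumably these values are returned for every principal the
     resolver handles. eduPersonEntitlement values are commonly used by relying
     parties for authorization decisions, so confirm that a fixed entitlement for
     all users is intended before reusing this outside an example. -->
<resolver:DataConnector id="staticAttributes" xsi:type="dc:Static">
    <dc:Attribute id="eduPersonAffiliation">
        <dc:Value>member</dc:Value>
    </dc:Attribute>
    <dc:Attribute id="eduPersonEntitlement">
        <dc:Value>urn:example.org:entitlement:entitlement1</dc:Value>
        <dc:Value>urn:mace:dir:entitlement:common-lib-terms</dc:Value>
    </dc:Attribute>
</resolver:DataConnector>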
92 <!-- Example Relational Database Connector -->
<!-- Relational database connector "mySIS": opens an application-managed JDBC
     connection to an Oracle database, runs the query below, and maps the columns
     gzbtpid and fqlft to the attributes "uid" and "gpa" (gpa typed as Float).
     The element that wraps the query text is not visible in this listing.
     NOTE(review): the query is built by substituting ${principal} into the SQL
     text, and the value is not quoted here. Confirm how the connector escapes or
     binds the substituted value before using this with principal names that
     originate from a login form or an inbound assertion.
     NOTE(review): jdbcPassword is stored in clear text in this file; restrict read
     access to the file and keep the real value out of version control.
     NOTE(review): SELECT * returns every column of the student table although only
     two columns are mapped below; consider naming just the columns that are
     needed, and a database account limited to read access on them. -->
94 <resolver:DataConnector id="mySIS" xsi:type="dc:RelationalDatabase">
95 <dc:ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
96 jdbcUrl="jdbc:oracle:thin:@db.example.org:1521:SomeDB"
98 jdbcPassword="mypassword" />
101 SELECT * FROM student WHERE gzbtpid = ${principal}
105 <dc:Column columnName="gzbtpid" attributeID="uid"/>
106 <dc:Column columnName="fqlft" attributeID="gpa" type="Float"/>
107 </resolver:DataConnector>
110 <!-- Example LDAP Connector -->
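<!-- LDAP connector "myLDAP": configured with a directory URL, a base DN, and a
     service principal with its credential. The xsi:type carries the dc: prefix
     like the other data connectors in this file. The search filter and any
     further settings are not visible in this listing.
     NOTE(review): ldapUrl uses the ldap:// scheme. Unless StartTLS is enabled in a
     part of the configuration not shown here, the bind credential and the
     returned attributes cross the network unencrypted; prefer ldaps:// or
     StartTLS with certificate validation.
     NOTE(review): principalCredential is stored in clear text in this file;
     restrict read access to the file and keep the real value out of version
     control. The service account should need no more than read access to the
     attributes that are released. -->
<resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
                        ldapUrl="ldap://ldap.example.org"
                        baseDN="ou=people,dc=example,dc=org"
                        principal="uid=myservice,ou=system"
                        principalCredential="myServicePassword">
</resolver:DataConnector>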
126 <!-- ========================================== -->
127 <!-- Principal Connectors -->
128 <!-- ========================================== -->
<!-- Direct principal connector registered for the SAML 1.0 "unspecified" name
     identifier format.
     NOTE(review): presumably the incoming name identifier value is taken as the
     principal name without any lookup; confirm which relying parties may send
     this format and that the value cannot be chosen by the requester. -->
<resolver:PrincipalConnector
    xsi:type="pc:Direct"
    nameIDFormat="urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified"/>