Adjust order of NameID encoders for transient IDs so the right 2.0 format gets used...
[java-idp.git] / resources / conf / attribute-resolver.xml
index cfed2de..990010a 100644 (file)
@@ -39,7 +39,7 @@
             name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="mail" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+    <resolver:AttributeDefinition id="email" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
         sourceAttributeID="mail">
         <resolver:Dependency ref="myLDAP" />
 
@@ -72,7 +72,7 @@
             name="urn:oid:0.9.2342.19200300.100.1.39" friendlyName="homePostalAddress" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="mobile" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+    <resolver:AttributeDefinition id="mobileNumber" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
         sourceAttributeID="mobile">
         <resolver:Dependency ref="myLDAP" />
 
@@ -83,7 +83,7 @@
             name="urn:oid:0.9.2342.19200300.100.1.41" friendlyName="mobile" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="pager" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+    <resolver:AttributeDefinition id="pagerNumber" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
         sourceAttributeID="pager">
         <resolver:Dependency ref="myLDAP" />
 
             name="urn:oid:0.9.2342.19200300.100.1.42" friendlyName="pager" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="uniqueId" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
-        sourceAttributeID="uniqueIdentifier">
-        <resolver:Dependency ref="myLDAP" />
-
-        <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:mace:dir:attribute-def:uniqueIdentifier" />
-
-        <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:oid:0.9.2342.19200300.100.1.44" friendlyName="uniqueIdentifier" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition id="cn" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+    <resolver:AttributeDefinition id="commonName" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
         sourceAttributeID="cn">
         <resolver:Dependency ref="myLDAP" />
 
     </resolver:AttributeDefinition>
 
     <resolver:AttributeDefinition id="surname" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
-        sourceAttributeID="surname">
-        <resolver:Dependency ref="myLDAP" />
-
-        <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:mace:dir:attribute-def:surname" />
-
-        <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:oid:2.5.4.4" friendlyName="surname" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition id="countryName" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
-        sourceAttributeID="countryName">
+        sourceAttributeID="sn">
         <resolver:Dependency ref="myLDAP" />
 
         <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:mace:dir:attribute-def:countryName" />
+            name="urn:mace:dir:attribute-def:sn" />
 
         <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:oid:2.5.4.6" friendlyName="countryName" />
+            name="urn:oid:2.5.4.4" friendlyName="sn" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="localityName" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
-        sourceAttributeID="localityName">
+    <resolver:AttributeDefinition id="locality" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+        sourceAttributeID="l">
         <resolver:Dependency ref="myLDAP" />
 
         <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:mace:dir:attribute-def:localityName" />
+            name="urn:mace:dir:attribute-def:l" />
 
         <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:oid:2.5.4.7" friendlyName="localityName" />
+            name="urn:oid:2.5.4.7" friendlyName="l" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="stateOrProvinceName" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
-        sourceAttributeID="stateOrProvinceName">
+    <resolver:AttributeDefinition id="stateProvince" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+        sourceAttributeID="st">
         <resolver:Dependency ref="myLDAP" />
 
         <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:mace:dir:attribute-def:stateOrProvinceName" />
+            name="urn:mace:dir:attribute-def:st" />
 
         <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:oid:2.5.4.8" friendlyName="stateOrProvinceName" />
+            name="urn:oid:2.5.4.8" friendlyName="st" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="streetAddress" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
-        sourceAttributeID="streetAddress">
+    <resolver:AttributeDefinition id="street" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+        sourceAttributeID="street">
         <resolver:Dependency ref="myLDAP" />
 
         <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:mace:dir:attribute-def:streetAddress" />
+            name="urn:mace:dir:attribute-def:street" />
 
         <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:oid:2.5.4.9" friendlyName="streetAddress" />
+            name="urn:oid:2.5.4.9" friendlyName="street" />
     </resolver:AttributeDefinition>
 
     <resolver:AttributeDefinition id="organizationName" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
-        sourceAttributeID="organizationName">
+        sourceAttributeID="o">
         <resolver:Dependency ref="myLDAP" />
 
         <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:mace:dir:attribute-def:organizationName" />
+            name="urn:mace:dir:attribute-def:o" />
 
         <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:oid:2.5.4.10" friendlyName="organizationName" />
+            name="urn:oid:2.5.4.10" friendlyName="o" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="organizationalUnitName" xsi:type="Simple"
-        xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="organizationalUnitName">
+    <resolver:AttributeDefinition id="organizationalUnit" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+        sourceAttributeID="ou">
         <resolver:Dependency ref="myLDAP" />
 
         <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:mace:dir:attribute-def:organizationalUnitName" />
+            name="urn:mace:dir:attribute-def:ou" />
 
         <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:oid:2.5.4.11" friendlyName="organizationalUnitName" />
+            name="urn:oid:2.5.4.11" friendlyName="ou" />
     </resolver:AttributeDefinition>
 
     <resolver:AttributeDefinition id="title" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
             name="urn:oid:2.5.4.20" friendlyName="telephoneNumber" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="member" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
-        sourceAttributeID="member">
-        <resolver:Dependency ref="myLDAP" />
-
-        <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:mace:dir:attribute-def:member" />
-
-        <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:oid:2.5.4.31" friendlyName="member" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition id="name" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
-        sourceAttributeID="name">
-        <resolver:Dependency ref="myLDAP" />
-
-        <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:mace:dir:attribute-def:name" />
-
-        <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:oid:2.5.4.41" friendlyName="name" />
-    </resolver:AttributeDefinition>
-
     <resolver:AttributeDefinition id="givenName" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
         sourceAttributeID="givenName">
         <resolver:Dependency ref="myLDAP" />
         <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
             name="urn:oid:2.5.4.43" friendlyName="initials" />
     </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition id="distinguishedName" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
-        sourceAttributeID="distinguishedName">
-        <resolver:Dependency ref="myLDAP" />
-
-        <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:mace:dir:attribute-def:distinguishedName" />
-
-        <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:oid:2.5.4.49" friendlyName="distinguishedName" />
-    </resolver:AttributeDefinition>
      -->
 
     <!-- Schema: inetOrgPerson attributes-->
 
     <!-- Schema: eduPerson attributes -->
     <!--
-    <resolver:AttributeDefinition id="affiliation" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+    <resolver:AttributeDefinition id="eduPersonAffiliation" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
         sourceAttributeID="eduPersonAffiliation">
         <resolver:Dependency ref="staticAttributes" />
         <resolver:Dependency ref="myLDAP" />
             name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" friendlyName="eduPersonAffiliation" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="entitlement" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+    <resolver:AttributeDefinition id="eduPersonEntitlement" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
         sourceAttributeID="eduPersonEntitlement">
         <resolver:Dependency ref="myLDAP" />
 
             name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="nickname" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+    <resolver:AttributeDefinition id="eduPersonNickname" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
         sourceAttributeID="eduPersonNickname">
         <resolver:Dependency ref="myLDAP" />
 
             name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" friendlyName="eduPersonNickname" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="orgDN" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+    <resolver:AttributeDefinition id="eduPersonOrgDN" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
         sourceAttributeID="eduPersonOrgDN">
         <resolver:Dependency ref="myLDAP" />
 
             name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" friendlyName="eduPersonOrgDN" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="orgUnitDN" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+    <resolver:AttributeDefinition id="eduPersonOrgUnitDN" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
         sourceAttributeID="eduPersonOrgUnitDN">
         <resolver:Dependency ref="myLDAP" />
 
             name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" friendlyName="eduPersonOrgUnitDN" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="primaryAffiliation" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+    <resolver:AttributeDefinition id="eduPersonPrimaryAffiliation" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
         sourceAttributeID="eduPersonPrimaryAffiliation">
         <resolver:Dependency ref="myLDAP" />
 
             name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" friendlyName="eduPersonPrimaryAffiliation" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="primaryOrgUnitDN" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+    <resolver:AttributeDefinition id="eduPersonPrimaryOrgUnitDN" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
         sourceAttributeID="eduPersonPrimaryOrgUnitDN">
         <resolver:Dependency ref="myLDAP" />
 
             name="urn:oid:1.3.6.1.4.1.5923.1.1.1.8" friendlyName="eduPersonPrimaryOrgUnitDN" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="principalName" xsi:type="Scoped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
-        scope="example.org" sourceAttributeID="eduPersonPrincipalName">
+    <resolver:AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+        scope="example.org" sourceAttributeID="uid">
         <resolver:Dependency ref="myLDAP" />
 
         <resolver:AttributeEncoder xsi:type="SAML1ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
             name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" />
     </resolver:AttributeDefinition>
 
-    <resolver:AttributeDefinition id="scopedAffiliation" xsi:type="Scoped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+    <resolver:AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
         scope="example.org" sourceAttributeID="eduPersonAffiliation">
         <resolver:Dependency ref="myLDAP" />
 
         <resolver:AttributeEncoder xsi:type="SAML2ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
             name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" />
     </resolver:AttributeDefinition>
+        
+    <resolver:AttributeDefinition id="eduPersonTargetedID.old" xsi:type="Scoped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+        scope="iay.org.uk" sourceAttributeID="computedID">
+        <resolver:Dependency ref="computedID" />
 
-    <resolver:AttributeDefinition id="targetedID" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
-        sourceAttributeID="eduPersonTargetedID">
-        <resolver:Dependency ref="myLDAP" />
-
-        <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
+        <resolver:AttributeEncoder xsi:type="SAML1ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
             name="urn:mace:dir:attribute-def:eduPersonTargetedID" />
+    </resolver:AttributeDefinition>
 
-        <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" />
+    <resolver:AttributeDefinition id="eduPersonTargetedID" xsi:type="SAML2NameID" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
+        nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
+        sourceAttributeID="computedID">
+        <resolver:Dependency ref="computedID" />
+
+        <resolver:AttributeEncoder xsi:type="SAML1XMLObject" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
+                name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" />
+    
+        <resolver:AttributeEncoder xsi:type="SAML2XMLObject" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
+                name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" />
     </resolver:AttributeDefinition>
     -->
 
     <!-- Name Identifier related attributes -->
     <resolver:AttributeDefinition id="transientId" xsi:type="TransientId" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
-        <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier"
-            xmlns="urn:mace:shibboleth:2.0:attribute:encoder" nameFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
+        <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
+            nameFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
             
-        <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier"
-            xmlns="urn:mace:shibboleth:2.0:attribute:encoder" nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
+        <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
+            nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
 
         <resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
             nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
-            
+
         <resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
-            nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" />
+            nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
     </resolver:AttributeDefinition>
 
     <!-- ========================================== -->
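Review bot: The new `eduPersonTargetedID.old` definition hard-codes `scope="iay.org.uk"`, while every other scoped definition visible in this sample uses `scope="example.org"`. A deployer who uncomments the block unchanged would release targeted IDs scoped to a domain they do not control, so this should read `scope="example.org"` like its neighbours. Separately, the last `transientId` encoder now pairs `SAML2StringNameID` with a `SAML:1.1` format URN. That is the identifier SAML 2.0 defines for the unspecified format, but it reads like a typo, so a one-line comment such as `<!-- SAML 2.0 defines its unspecified format with this 1.1 URN -->` above the encoder would stop someone from "correcting" it back.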
         </FilterTemplate>
     </resolver:DataConnector>
     -->
+    
+    <!-- Computed targeted ID connector -->
+    <!--
+    <resolver:DataConnector xsi:type="ComputedId" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
+                            id="computedID"
+                            generatedAttributeID="computedID"
+                            sourceAttributeID="uid"
+                            salt="your random string here">
+        <resolver:Dependency ref="myLDAP" />
+    </resolver:DataConnector> 
+    -->
 
     <!-- ========================================== -->
     <!--      Principal Connectors                  -->
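Review bot: The sample `ComputedId` connector ships with `salt="your random string here"`, and the only guidance is the heading comment `<!-- Computed targeted ID connector -->`. How the ID is derived is not shown here, but if the block is uncommented with the placeholder left in, the salt is a publicly known string and the resulting identifiers are presumably reproducible by anyone who knows the `uid` and the relying party. Extend the heading comment to say the salt must be replaced with a long random value, kept secret, and never changed once in use, e.g. `<!-- Computed targeted ID connector: set salt to a long random secret; changing it later changes every user's ID -->`.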
 
     <resolver:PrincipalConnector xsi:type="Transient" xmlns="urn:mace:shibboleth:2.0:resolver:pc" id="saml2Transient"
         nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
-        
-    <resolver:PrincipalConnector xsi:type="Transient" xmlns="urn:mace:shibboleth:2.0:resolver:pc" id="saml2Unspec"
-        nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" />
 
 </AttributeResolver>
\ No newline at end of file