-rw-r--r-- | template-config/attribute-resolver.xml | 51 |
1 files changed, 49 insertions, 2 deletions
diff --git a/template-config/attribute-resolver.xml b/template-config/attribute-resolver.xml
index 0cfa4f4..8b8791f 100644
--- a/template-config/attribute-resolver.xml
+++ b/template-config/attribute-resolver.xml
@@ -222,11 +222,10 @@
 <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" friendlyName="eduPersonAffiliation" encodeType="false" />
 </AttributeDefinition>
-<!--
 <AttributeDefinition id="memberOf" xsi:type="Simple" sourceAttributeID="memberOf">
 <Dependency ref="myLDAPGROUPS" />
 </AttributeDefinition>
--->
+ <!-- placeholder for scripted scriptEduPersonEntitlement -->
 <AttributeDefinition id="eduPersonNickname" xsi:type="Simple" sourceAttributeID="eduPersonNickname">
@@ -265,6 +264,15 @@
 <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
 </AttributeDefinition>
+<AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="nordu.net" sourceAttributeID="employeeType">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" encodeType="false" />
+</AttributeDefinition>
+
+<!-- placeholder for eduPersonTargetedID and persistentId and transientId -->
+ + <!-- ========================================== --> <!-- Data Connectors --> <!-- ========================================== -->
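Review bot: The new `eduPersonScopedAffiliation` definition scopes whatever `employeeType` holds in LDAP, so any value stored in that directory attribute is asserted to relying parties as an affiliation, although eduPersonScopedAffiliation is defined over the eduPerson controlled vocabulary (member, employee, staff, student, faculty, affiliate, alum, library-walk-in) and SPs commonly authorise on it. The existing `eduPersonAffiliation` definition just above (its source and any mapping are outside the hunk) is the safer input: `<Dependency ref="eduPersonAffiliation" />` with `sourceAttributeID="eduPersonAffiliation"` keeps the two attributes consistent and limits the scoped value to whatever that definition already allows. In a template config the hard-coded `scope="nordu.net"` should be `scope="%{idp.scope}"`, so the deployment value comes from idp.properties instead of an edit to this file.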
@@ -322,4 +330,43 @@
 </DataConnector>
 -->
+ <DataConnector id="myLDAPGROUPS" xsi:type="LDAPDirectory"
+ ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
+ baseDN="%{idp.attribute.resolver.LDAP.baseDN}">
+ <FilterTemplate>
+ <![CDATA[
+ %{idp.attribute.resolver.LDAP.searchFilter}
+ ]]>
+ </FilterTemplate>
+ <ReturnAttributes>memberOf</ReturnAttributes>
+ </DataConnector>
+
+
+ <!-- Computed targeted ID connector -->
+<!-- The V3 IdP uses a new dedicated service for configuring NameID generation. The legacy V2 approach of encoding attributes into identifiers using attribute-resolver.xml and special attribute encoders that generate NameIdentifiers or NameIDs instead of Attributes is supported for compatibility purposes, but is deprecated and may be removed from a future version.-->
+
+<!-- <DataConnector id="ComputedId" xsi:type="ComputedId"
+ generatedAttributeID="computedId"
+ sourceAttributeID="uid"
+ salt="UnvacNecKidIppayfsAdJogdydrovuvmidMaHym">
+ <resolver:Dependency ref="myLDAP" />
+ </DataConnector>
+
+also in old format the next block
+<resolver:DataConnector id="StoredId"
+ xsi:type="StoredId"
+ xmlns="urn:mace:shibboleth:2.0:resolver:dc"
+ generatedAttributeID="persistentId"
+ sourceAttributeID="uid"
+ salt="UnvacNecKidIppayfsAdJogdydrovuvmidMaHym">
+ <resolver:Dependency ref="uid" />
+ <ApplicationManagedConnection
+ jdbcDriver="com.mysql.jdbc.Driver"
+ jdbcURL="jdbc:mysql://mysql:3306/shibboleth?autoReconnect=true&useSSL=false"
+ jdbcUserName="idp"
+ jdbcPassword="shibboleth" />
+</resolver:DataConnector>
+-->
+ + </AttributeResolver> |
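Review bot: The commented-out `ComputedId`/`StoredId` block checks a literal persistent-ID `salt` and a database password (`jdbcPassword="shibboleth"`) into a template, and its `jdbcURL` contains a bare `&` in `autoReconnect=true&useSSL=false`, which is not well-formed inside an attribute value, so the block breaks the whole resolver file the moment someone uncomments it. The salt is what keeps persistent IDs unlinkable between SPs; once it sits in the repository anyone with read access can recompute them, and `useSSL=false` additionally sends the credential to MySQL in clear. If the block is kept for reference it should use placeholders, `salt="%{idp.persistentId.salt}"` and `&amp;` in the URL, otherwise it should go, since the note above it already says V3 handles NameID generation elsewhere. Separately, the new `myLDAPGROUPS` connector sets only `ldapURL`/`baseDN`; if the `myLDAP` connector (outside the hunk) binds with `principal`/`principalCredential` and `useStartTLS`, this one will search as an anonymous bind over a plain connection unless the same settings are carried over, as below.
```xml
 <DataConnector id="myLDAPGROUPS" xsi:type="LDAPDirectory"
 ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
 baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
 principal="%{idp.attribute.resolver.LDAP.bindDN}"
 principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
 useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}">
 <!-- … unchanged: FilterTemplate and ReturnAttributes … -->
 </DataConnector>
 <!-- … unchanged: legacy ComputedId/StoredId comment, with the literal salt and jdbcPassword replaced by property placeholders and & written as &amp; … -->
```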