summaryrefslogtreecommitdiff
path: root/conf-from-container/conf/attribute-resolver-full.xml
diff options
context:
space:
mode:
Diffstat (limited to 'conf-from-container/conf/attribute-resolver-full.xml')
-rw-r--r--conf-from-container/conf/attribute-resolver-full.xml292
1 files changed, 292 insertions, 0 deletions
diff --git a/conf-from-container/conf/attribute-resolver-full.xml b/conf-from-container/conf/attribute-resolver-full.xml
new file mode 100644
index 0000000..4681b64
--- /dev/null
+++ b/conf-from-container/conf/attribute-resolver-full.xml
@@ -0,0 +1,292 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ This file is an EXAMPLE configuration file containing lots of commented
+ example attributes, encoders, and a couple of example data connectors.
+
+ Not all attribute definitions or data connectors are demonstrated, but
+ a variety of LDAP attributes, some common to Shibboleth deployments and
+ many not, are included.
+
+ Deployers should refer to the Identity Provider 3 documentation
+
+ https://wiki.shibboleth.net/confluence/display/IDP30/AttributeResolverConfiguration
+
+ for a complete list of components and their options.
+-->
+<AttributeResolver
+ xmlns="urn:mace:shibboleth:2.0:resolver"
+ xmlns:sec="urn:mace:shibboleth:2.0:security"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
+ urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd">
+
+ <!-- ========================================== -->
+ <!-- Attribute Definitions -->
+ <!-- ========================================== -->
+
+ <!-- Schema: Core schema attributes-->
+<!--
+ <AttributeDefinition xsi:type="Simple" id="uid" sourceAttributeID="uid">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="mail" sourceAttributeID="mail">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="homePhone" sourceAttributeID="homePhone">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:homePhone" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.20" friendlyName="homePhone" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="homePostalAddress" sourceAttributeID="homePostalAddress">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:homePostalAddress" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.39" friendlyName="homePostalAddress" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="mobileNumber" sourceAttributeID="mobile">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mobile" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.41" friendlyName="mobile" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="pagerNumber" sourceAttributeID="pager">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:pager" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.42" friendlyName="pager" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="surname" sourceAttributeID="sn">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:sn" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="locality" sourceAttributeID="l">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:l" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.7" friendlyName="l" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="stateProvince" sourceAttributeID="st">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:st" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.8" friendlyName="st" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="street" sourceAttributeID="street">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:street" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.9" friendlyName="street" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="organizationName" sourceAttributeID="o">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:o" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.10" friendlyName="o" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="organizationalUnit" sourceAttributeID="ou">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:ou" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.11" friendlyName="ou" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="title" sourceAttributeID="title">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:title" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.12" friendlyName="title" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="postalAddress" sourceAttributeID="postalAddress">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postalAddress" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.16" friendlyName="postalAddress" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="postalCode" sourceAttributeID="postalCode">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postalCode" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.17" friendlyName="postalCode" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="postOfficeBox" sourceAttributeID="postOfficeBox">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postOfficeBox" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.18" friendlyName="postOfficeBox" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="telephoneNumber" sourceAttributeID="telephoneNumber">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:telephoneNumber" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.20" friendlyName="telephoneNumber" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="givenName" sourceAttributeID="givenName">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:givenName" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="initials" sourceAttributeID="initials">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:initials" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.43" friendlyName="initials" encodeType="false" />
+ </AttributeDefinition>
+-->
+
+ <!-- Schema: inetOrgPerson attributes-->
+<!--
+ <AttributeDefinition xsi:type="Simple" id="departmentNumber" sourceAttributeID="departmentNumber">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:departmentNumber" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.2" friendlyName="departmentNumber" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="displayName" sourceAttributeID="displayName">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:displayName" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="employeeNumber" sourceAttributeID="employeeNumber">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeNumber" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.3" friendlyName="employeeNumber" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="employeeType" sourceAttributeID="employeeType">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeType" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.4" friendlyName="employeeType" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="jpegPhoto" sourceAttributeID="jpegPhoto">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:jpegPhoto" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.60" friendlyName="jpegPhoto" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="preferredLanguage" sourceAttributeID="preferredLanguage">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:preferredLanguage" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.39" friendlyName="preferredLanguage" encodeType="false" />
+ </AttributeDefinition>
+-->
+
+ <!-- Schema: eduPerson attributes -->
+<!--
+ <AttributeDefinition xsi:type="Simple" id="eduPersonAffiliation" sourceAttributeID="eduPersonAffiliation">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonAffiliation" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" friendlyName="eduPersonAffiliation" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="eduPersonEntitlement" sourceAttributeID="eduPersonEntitlement">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="eduPersonNickname" sourceAttributeID="eduPersonNickname">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonNickname" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" friendlyName="eduPersonNickname" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="eduPersonPrimaryAffiliation" sourceAttributeID="eduPersonPrimaryAffiliation">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" friendlyName="eduPersonPrimaryAffiliation" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Scoped" id="eduPersonUniqueId" scope="%{idp.scope}" sourceAttributeID="localUniqueId">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" friendlyName="eduPersonUniqueId" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalName" sourceAttributeID="eduPersonPrincipalName">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalNamePrior" sourceAttributeID="eduPersonPrincipalNamePrior">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" friendlyName="eduPersonPrincipalNamePrior" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Scoped" id="eduPersonScopedAffiliation" scope="%{idp.scope}" sourceAttributeID="eduPersonAffiliation">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="eduPersonAssurance" sourceAttributeID="eduPersonAssurance">
+ <Dependency ref="myLDAP" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonAssurance" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" friendlyName="eduPersonAssurance" encodeType="false" />
+ </AttributeDefinition>
+-->
+
+ <!-- ========================================== -->
+ <!-- Data Connectors -->
+ <!-- ========================================== -->
+
+ <!-- Example Static Connector -->
+<!--
+ <DataConnector id="staticAttributes" xsi:type="Static">
+ <Attribute id="eduPersonAffiliation">
+ <Value>member</Value>
+ </Attribute>
+ </DataConnector>
+-->
+
+ <!-- Example Relational Database Connector -->
+<!--
+ <DataConnector id="mySIS" xsi:type="RelationalDatabase">
+ <ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
+ jdbcURL="jdbc:oracle:thin:@db.example.org:1521:SomeDB"
+ jdbcUserName="myid"
+ jdbcPassword="mypassword" />
+ <QueryTemplate>
+ <![CDATA[
+ SELECT * FROM student WHERE gzbtpid = '$resolutionContext.principal'
+ ]]>
+ </QueryTemplate>
+
+ <Column columnName="gzbtpid" attributeID="uid" />
+ <Column columnName="fqlft" attributeID="gpa" />
+ </DataConnector>
+-->
+
+ <!-- Example LDAP Connector -->
+<!--
+ <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
+ ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
+ baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
+ principal="%{idp.attribute.resolver.LDAP.bindDN}"
+ principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
+ useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
+ connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
+ responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
+ <FilterTemplate>
+ <![CDATA[
+ %{idp.attribute.resolver.LDAP.searchFilter}
+ ]]>
+ </FilterTemplate>
+ <StartTLSTrustCredential id="LDAPtoIdPCredential" xsi:type="sec:X509ResourceBacked">
+ <sec:Certificate>%{idp.attribute.resolver.LDAP.trustCertificates}</sec:Certificate>
+ </StartTLSTrustCredential>
+ </DataConnector>
+-->
+
+</AttributeResolver>