This is an example of a standard attribute resolver for a Shibboleth IdP in SWAMID 2.0. It contains definitions of all attributes covered by SWAMID's entity-category attribute release.
NOTE: DRAFT ("OBS! UTKAST").
Check the comments in the XML and replace the placeholder values (ORGANIZATION_NAME, ISO_COUNTRY_CODE, SCHAC_HOME_ORG_DOMAIN_NAME, ...) as needed.
...
Furthermore, check that every attribute definition reads from the correct data connector: per-user attributes must come from the directory connector (myLDAP in the example), while the Static connector can only hold values that are identical for every user.
The latest published SWAMID example standard resolver for Shibboleth Identity Provider is published at https://mds.swamid.se/entity-configurations/Shibboleth-IdP/v4/attribute-resolver.xml. Below is the latest version included from the publication repository.
The repository is in the process of being re-tagged for IdPv5. The v4 files work just fine with IdPv5.
source | https://mds.swamid.se/entity-configurations/Shibboleth-IdP/v4/attribute-resolver.xml |
---|
script | #https://mds.swamid.se/entity-configurations/Shibboleth-IdP/v4/attribute-resolver.xml |
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file is an EXAMPLE configuration file for use within the
SWAMID federation. It contains many example attribute definitions and
encoders, and a couple of example data connectors.
Not all attribute definitions or data connectors are demonstrated, but
a variety of LDAP attributes, some common to Shibboleth deployments and
many not, are included.
Deployers should refer to the Attribute Resolver documentation for the
Identity Provider version they actually run (this example is used with
IdP 4 and 5). The link below is the IdP 3 page (IdP 3 is end of life);
the components and options are documented under the same name for later versions:
https://wiki.shibboleth.net/confluence/display/IDP30/AttributeResolverConfiguration
-->
<AttributeResolver
xmlns="urn:mace:shibboleth:2.0:resolver"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
<!-- ========================================== -->
<!-- Attribute Definitions -->
<!-- ========================================== -->
<!-- Schema: Core schema attributes-->
<AttributeDefinition id="uid" xsi:type="Simple">
    <!-- Local login name from the directory. It is also the input of the
         eduPersonPrincipalName definition and the StoredId connector below. -->
    <InputDataConnector ref="myLDAP" attributeNames="uid"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false"/>
</AttributeDefinition>
<AttributeDefinition id="mail" xsi:type="Simple">
    <!-- E-mail address taken verbatim from the directory (no scoping, no transformation). -->
    <InputDataConnector ref="myLDAP" attributeNames="mail"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false"/>
</AttributeDefinition>
<!--
<AttributeDefinition xsi:type="Simple" id="homePhone">
<InputDataConnector ref="myLDAP" attributeNames="homePhone"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:homePhone" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.20" friendlyName="homePhone" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="homePostalAddress">
<InputDataConnector ref="myLDAP" attributeNames="homePostalAddress"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:homePostalAddress" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.39" friendlyName="homePostalAddress" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="mobileNumber">
<InputDataConnector ref="myLDAP" attributeNames="mobile"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mobile" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.41" friendlyName="mobile" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="pagerNumber">
<InputDataConnector ref="myLDAP" attributeNames="pager"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:pager" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.42" friendlyName="pager" encodeType="false" />
</AttributeDefinition>
-->
<AttributeDefinition id="surname" xsi:type="Simple">
    <!-- Family name; the directory attribute is sn, the resolver id is surname. -->
    <InputDataConnector ref="myLDAP" attributeNames="sn"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:sn" encodeType="false"/>
</AttributeDefinition>
<AttributeDefinition id="commonName" xsi:type="Simple">
    <!-- Common name; the directory attribute is cn, the resolver id is commonName. -->
    <InputDataConnector ref="myLDAP" attributeNames="cn"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.3" friendlyName="cn" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:cn" encodeType="false"/>
</AttributeDefinition>
<!--
<AttributeDefinition xsi:type="Simple" id="locality">
<InputDataConnector ref="myLDAP" attributeNames="l"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:l" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.7" friendlyName="l" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="stateProvince">
<InputDataConnector ref="myLDAP" attributeNames="st"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:st" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.8" friendlyName="st" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="street">
<InputDataConnector ref="myLDAP" attributeNames="street"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:street" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.9" friendlyName="street" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="organizationName">
<InputDataConnector ref="myLDAP" attributeNames="o"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:o" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.10" friendlyName="o" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="organizationalUnit">
<InputDataConnector ref="myLDAP" attributeNames="ou"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:ou" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.11" friendlyName="ou" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="title">
<InputDataConnector ref="myLDAP" attributeNames="title"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:title" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.12" friendlyName="title" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="postalAddress">
<InputDataConnector ref="myLDAP" attributeNames="postalAddress"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postalAddress" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.16" friendlyName="postalAddress" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="postalCode">
<InputDataConnector ref="myLDAP" attributeNames="postalCode"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postalCode" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.17" friendlyName="postalCode" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="postOfficeBox">
<InputDataConnector ref="myLDAP" attributeNames="postOfficeBox"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postOfficeBox" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.18" friendlyName="postOfficeBox" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="telephoneNumber">
<InputDataConnector ref="myLDAP" attributeNames="telephoneNumber"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:telephoneNumber" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.20" friendlyName="telephoneNumber" encodeType="false" />
</AttributeDefinition>
-->
<AttributeDefinition id="givenName" xsi:type="Simple">
    <!-- Given name, passed through from the directory unchanged. -->
    <InputDataConnector ref="myLDAP" attributeNames="givenName"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:givenName" encodeType="false"/>
</AttributeDefinition>
<AttributeDefinition id="initials" xsi:type="Simple">
    <!-- Initials, passed through from the directory unchanged. -->
    <InputDataConnector ref="myLDAP" attributeNames="initials"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.43" friendlyName="initials" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:initials" encodeType="false"/>
</AttributeDefinition>
<!-- Schema: inetOrgPerson attributes-->
<!--
<AttributeDefinition xsi:type="Simple" id="departmentNumber">
<InputDataConnector ref="myLDAP" attributeNames="departmentNumber"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:departmentNumber" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.2" friendlyName="departmentNumber" encodeType="false" />
</AttributeDefinition>
-->
<AttributeDefinition id="displayName" xsi:type="Simple">
    <!-- Display name (inetOrgPerson), passed through from the directory unchanged. -->
    <InputDataConnector ref="myLDAP" attributeNames="displayName"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:displayName" encodeType="false"/>
</AttributeDefinition>
<!--
<AttributeDefinition xsi:type="Simple" id="employeeNumber">
<InputDataConnector ref="myLDAP" attributeNames="employeeNumber"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeNumber" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.3" friendlyName="employeeNumber" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="employeeType">
<InputDataConnector ref="myLDAP" attributeNames="employeeType"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeType" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.4" friendlyName="employeeType" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="jpegPhoto">
<InputDataConnector ref="myLDAP" attributeNames="jpegPhoto"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:jpegPhoto" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.60" friendlyName="jpegPhoto" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="preferredLanguage">
<InputDataConnector ref="myLDAP" attributeNames="preferredLanguage"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:preferredLanguage" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.39" friendlyName="preferredLanguage" encodeType="false" />
</AttributeDefinition>
-->
<!-- Schema: eduPerson attributes -->
<AttributeDefinition id="eduPersonAffiliation" xsi:type="Simple">
    <!-- Unscoped affiliation values from the directory. The same directory attribute also
         feeds eduPersonScopedAffiliation below, so keep the value set consistent. -->
    <InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" friendlyName="eduPersonAffiliation" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonAffiliation" encodeType="false"/>
</AttributeDefinition>
<AttributeDefinition id="eduPersonEntitlement" xsi:type="Simple">
    <!-- Entitlement URIs are asserted exactly as stored in the directory; SPs grant access on
         them, so whoever can write this directory attribute can grant that access. -->
    <InputDataConnector ref="myLDAP" attributeNames="eduPersonEntitlement"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" encodeType="false"/>
</AttributeDefinition>
<!--
<AttributeDefinition xsi:type="Simple" id="eduPersonNickname">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonNickname"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonNickname" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" friendlyName="eduPersonNickname" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="eduPersonPrimaryAffiliation">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonPrimaryAffiliation"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" friendlyName="eduPersonPrimaryAffiliation" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalName">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalName"/>
<AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
<AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
</AttributeDefinition>
-->
<!-- eduPersonPrincipalName built as uid@%{idp.scope}. The directory does not need to store
     the scoped form; the commented-out Prescoped variant above is for directories that do.
     SPs key accounts on this value: if a uid is ever reused for a different person, that
     person inherits the old account at every SP, so check your identity-management policy
     before deriving ePPN from uid. -->
<AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}">
    <InputDataConnector ref="myLDAP" attributeNames="uid"/>
    <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false"/>
</AttributeDefinition>
<!--
<AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalNamePrior">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalNamePrior"/>
<AttributeEncoder xsi:type="SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" encodeType="false" />
<AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" friendlyName="eduPersonPrincipalNamePrior" encodeType="false" />
</AttributeDefinition>
-->
<!-- Scoped affiliation: each eduPersonAffiliation value from the directory gets @%{idp.scope} appended. -->
<AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="%{idp.scope}">
    <InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation"/>
    <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false"/>
</AttributeDefinition>
<!-- Assurance profile URIs, released exactly as stored in the directory. -->
<AttributeDefinition id="eduPersonAssurance" xsi:type="Simple">
    <InputDataConnector ref="myLDAP" attributeNames="eduPersonAssurance"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" friendlyName="eduPersonAssurance" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonAssurance" encodeType="false"/>
</AttributeDefinition>
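<!-- ORCID iD from the directory. -->
<AttributeDefinition id="eduPersonOrcid" xsi:type="Simple">
    <InputDataConnector ref="myLDAP" attributeNames="eduPersonOrcid"/>
    <!-- The SAML 2 friendlyName previously said "eduPersonAssurance" (copy/paste error);
         it must match the attribute actually being encoded. -->
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.16" friendlyName="eduPersonOrcid" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonOrcid" encodeType="false"/>
</AttributeDefinition>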
<!-- Schema: norEdu* attributes -->
<!--
<AttributeDefinition xsi:type="Simple" id="norEduPersonLegalName">
<InputDataConnector ref="myLDAP" attributeNames="norEduPersonLegalName"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:norEduPersonLegalName" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.2428.90.1.10" friendlyName="norEduPersonLegalName" encodeType="false" />
</AttributeDefinition>
-->
<!-- Swedish national identity number. Replace attributeNames with the real or computed
     directory attribute that holds it. Defining the attribute here does not release it;
     release to an SP is decided by the attribute filter, and this value is sensitive
     personal data, so keep its filter rules tight. -->
<AttributeDefinition id="norEduPersonNIN" xsi:type="Simple">
    <InputDataConnector ref="myLDAP" attributeNames="norEduPersonNIN"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.2428.90.1.5" friendlyName="norEduPersonNIN" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:norEduPersonNIN" encodeType="false"/>
</AttributeDefinition>
<!--
<AttributeDefinition xsi:type="Simple" id="norEduPersonLIN">
<InputDataConnector ref="myLDAP" attributeNames="norEduPersonLIN"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:norEduPersonLIN" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.2428.90.1.4" friendlyName="norEduPersonLIN" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="norEduPersonBirthDate">
<InputDataConnector ref="myLDAP" attributeNames="norEduPersonBirthDate"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:norEduPersonBirthDate" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.2428.90.1.3" friendlyName="norEduPersonBirthDate" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="norEduOrgUniqueIdentifier">
<InputDataConnector ref="myLDAP" attributeNames="norEduOrgUniqueIdentifier"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.2428.90.1.7" friendlyName="norEduOrgUniqueIdentifier" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="norEduOrgUnitUniqueIdentifier">
<InputDataConnector ref="myLDAP" attributeNames="norEduOrgUnitUniqueIdentifier"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.2428.90.1.8" friendlyName="norEduOrgUnitUniqueIdentifier" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="norEduOrgNIN">
<InputDataConnector ref="myLDAP" attributeNames="norEduOrgNIN"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:norEduOrgNIN" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.2428.90.1.12" friendlyName="norEduOrgNIN" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="norEduOrgUniqueNumber">
<InputDataConnector ref="myLDAP" attributeNames="norEduOrgUniqueNumber"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:norEduOrgUniqueNumber" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.2428.90.1.1" friendlyName="norEduOrgUniqueNumber" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="norEduOrgUnitUniqueNumber">
<InputDataConnector ref="myLDAP" attributeNames="norEduOrgUnitUniqueNumber"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.2428.90.1.2" friendlyName="norEduOrgUnitUniqueNumber" encodeType="false" />
</AttributeDefinition>
-->
<!-- Schema: SCHema for ACademia (SCHAC) -->
<!-- Date of birth. Replace attributeNames with the real or computed directory attribute
     that holds it. Like norEduPersonNIN this is sensitive personal data; the attribute
     filter, not this definition, decides who receives it. -->
<AttributeDefinition id="schacDateOfBirth" xsi:type="Simple">
    <InputDataConnector ref="myLDAP" attributeNames="schacDateOfBirth"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.25178.1.2.3" friendlyName="schacDateOfBirth" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:schacDateOfBirth" encodeType="false"/>
</AttributeDefinition>
<!-- Static Attributes -->
<!-- Country of the organisation, the same for every user; both values come from the Static connector. -->
<AttributeDefinition id="friendlyCountryName" xsi:type="Simple">
    <InputDataConnector ref="staticAttributes" attributeNames="co"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.43" friendlyName="co" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:co" encodeType="false"/>
</AttributeDefinition>
<AttributeDefinition id="countryName" xsi:type="Simple">
    <InputDataConnector ref="staticAttributes" attributeNames="c"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.6" friendlyName="c" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:c" encodeType="false"/>
</AttributeDefinition>
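<!-- Home organisation domain, the same for every user (SCHAC_HOME_ORG_DOMAIN_NAME in the Static connector). -->
<AttributeDefinition id="schacHomeOrganization" xsi:type="Simple">
    <InputDataConnector ref="staticAttributes" attributeNames="schacHomeOrganization"/>
    <!-- friendlyName was empty in the original; it must name the attribute like every other encoder in this file. -->
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.25178.1.2.9" friendlyName="schacHomeOrganization" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:schacHomeOrganization" encodeType="false"/>
</AttributeDefinition>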
<!-- Organisation type URI and acronym; both are organisation-wide constants from the Static connector. -->
<AttributeDefinition id="schacHomeOrganizationType" xsi:type="Simple">
    <InputDataConnector ref="staticAttributes" attributeNames="schacHomeOrganizationType"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.25178.1.2.10" friendlyName="schacHomeOrganizationType" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:schacHomeOrganizationType" encodeType="false"/>
</AttributeDefinition>
<AttributeDefinition id="norEduOrgAcronym" xsi:type="Simple">
    <InputDataConnector ref="staticAttributes" attributeNames="norEduOrgAcronym"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.2428.90.1.6" friendlyName="norEduOrgAcronym" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:norEduOrgAcronym" encodeType="false"/>
</AttributeDefinition>
<!-- Semi-deprecated eduPersonUniqueId, should be phased out in favor of SAML subject-id replacement below. -->
<!--
<AttributeDefinition xsi:type="Scoped" id="eduPersonUniqueId" scope="%{idp.scope}">
<InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}"/>
<AttributeEncoder xsi:type="SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" encodeType="false" />
<AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" friendlyName="eduPersonUniqueId" encodeType="false" />
</AttributeDefinition>
-->
<!-- Schema: SAML Subject ID Attributes -->
<!--
<AttributeDefinition xsi:type="Scoped" id="samlSubjectID" scope="%{idp.scope}">
<InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}"/>
<AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oasis:names:tc:SAML:attribute:subject-id" friendlyName="subject-id" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Scoped" id="samlPairwiseID" scope="%{idp.scope}">
<InputDataConnector ref="computed" attributeNames="computedId"/>
<AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oasis:names:tc:SAML:attribute:pairwise-id" friendlyName="pairwise-id" encodeType="false" />
</AttributeDefinition>
-->
<!-- Existing SWAMID eduPersonTargetedID -->
<!-- eduPersonTargetedID: a SAML 2 persistent NameID carried as an attribute, with the value
     produced by the StoredId connector below (an opaque identifier generated per relying party).
     The two XMLObject encoders emit that NameID unchanged for SAML 1 and SAML 2. -->
<AttributeDefinition id="eduPersonTargetedID" xsi:type="SAML2NameID" nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
    <InputDataConnector ref="StoredId" attributeNames="persistentId"/>
    <AttributeEncoder xsi:type="SAML2XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID"/>
    <AttributeEncoder xsi:type="SAML1XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"/>
</AttributeDefinition>
<!-- Swedish eID Framework -->
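<!-- Swedish eID Framework personal identity number. This is a per-user value, so it must
     be read from a per-user data connector. The previous example pointed at the Static
     connector, which defines no such attribute and can only hold one value for all users,
     so the definition resolved nothing (and giving it a static value would have asserted
     the same identity number for everybody). Replace attributeNames with the real or
     computed directory attribute that holds the number, as norEduPersonNIN does above. -->
<AttributeDefinition id="personalIdentityNumber" xsi:type="Simple">
    <InputDataConnector ref="myLDAP" attributeNames="personalIdentityNumber"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.2.752.29.4.13" friendlyName="personalIdentityNumber" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:personalIdentityNumber" encodeType="false"/>
</AttributeDefinition>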
<!-- ========================================== -->
<!-- Data Connectors -->
<!-- ========================================== -->
<!-- Example Static Connector -->
<DataConnector id="staticAttributes" xsi:type="Static">
    <!-- Organisation-wide constants: every user gets exactly these values, so per-user data
         can never live here. Replace each UPPER_CASE placeholder before deployment. -->
    <Attribute id="c">
        <Value>ISO_COUNTRY_CODE</Value>
    </Attribute>
    <Attribute id="co">
        <Value>ISO_COUNTRY_NAME</Value>
    </Attribute>
    <!-- o is defined here, but the only organizationName definition in this file is commented
         out and reads from myLDAP, so as configured nothing releases this value. -->
    <Attribute id="o">
        <Value>ORGANIZATION_NAME</Value>
    </Attribute>
    <Attribute id="norEduOrgAcronym">
        <Value>ORGANIZATION_ACRONYM</Value>
    </Attribute>
    <Attribute id="schacHomeOrganization">
        <Value>SCHAC_HOME_ORG_DOMAIN_NAME</Value>
    </Attribute>
    <Attribute id="schacHomeOrganizationType">
        <!-- Value for an EU higher education institution. Other allowed values:
             urn:schac:homeOrganizationType:eu:educationInstitution
             urn:schac:homeOrganizationType:int:NREN
             urn:schac:homeOrganizationType:int:universityHospital
             urn:schac:homeOrganizationType:int:NRENAffiliate
             urn:schac:homeOrganizationType:int:other -->
        <Value>urn:schac:homeOrganizationType:eu:higherEducationInstitution</Value>
    </Attribute>
</DataConnector>
<!-- Stored persistent identifier that backs eduPersonTargetedID; generated values are kept in
     the MyGlobalDataSource database. -->
<DataConnector id="StoredId" xsi:type="StoredId"
    salt="%{idp.persistentId.salt}"
    generatedAttributeID="persistentId">
    <!-- Keyed on uid: the identifier an SP sees is bound to this value, so uid must be stable
         and never reassigned to another person. The commented-out subject-id example uses
         %{idp.persistentId.sourceAttribute} for the same purpose; consider the same property
         here so every persistent identifier derives from one configured attribute. -->
    <InputAttributeDefinition ref="uid"/>
    <!-- NOTE(review): keep the salt secret and unchanged once identifiers have been issued;
         confirm against the StoredId documentation how the salt affects previously stored values. -->
    <BeanManagedConnection>MyGlobalDataSource</BeanManagedConnection>
</DataConnector>
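<!-- Directory connector used by every per-user attribute definition above. Connection
     settings come from the idp.attribute.resolver.LDAP.* properties (normally ldap.properties).
     The bind credential crosses the network, so keep transport protection on: an ldaps://
     URL or StartTLS (enabled by default here), with the server validated against trustFile.
     connectTimeout and responseTimeout are added with defaults so that an unreachable or
     hung directory fails the resolution instead of waiting on library/OS defaults; they are
     the same properties the commented-out pooled example further down uses. -->
<DataConnector id="myLDAP" xsi:type="LDAPDirectory"
    ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
    baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
    principal="%{idp.attribute.resolver.LDAP.bindDN}"
    principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
    useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
    trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
    connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout:PT3S}"
    responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout:PT3S}">
    <!-- The search filter is a template taken from a property. NOTE(review): confirm that any
         value substituted into it (normally $resolutionContext.principal) is LDAP-escaped as
         described in the connector documentation for your IdP version. -->
    <FilterTemplate>
        <![CDATA[
            %{idp.attribute.resolver.LDAP.searchFilter}
        ]]>
    </FilterTemplate>
</DataConnector>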
<!-- Example relational database connector (disabled). Two things to change before enabling it:
     1. Do not keep the database password in this file. Reference a property kept with the
        other secrets, as the LDAP connector above does for its bind credential.
     2. QueryTemplate is a text template: $resolutionContext.principal is pasted into the SQL
        string as-is. The principal name comes from authentication, which is why this pattern
        is common, but never substitute user-supplied or SP-supplied values into the query
        this way. -->
<!--
<DataConnector id="mySIS" xsi:type="RelationalDatabase">
<ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
jdbcURL="jdbc:oracle:thin:@db.example.org:1521:SomeDB"
jdbcUserName="myid"
jdbcPassword="mypassword" />
<QueryTemplate>
<![CDATA[
SELECT * FROM student WHERE gzbtpid = '$resolutionContext.principal'
]]>
</QueryTemplate>
<Column columnName="gzbtpid" attributeID="uid" />
<Column columnName="fqlft" attributeID="gpa" />
</DataConnector>
-->
<!-- Example LDAP connector with explicit timeouts and a connection pool (disabled). It uses the
     same id="myLDAP" as the active connector above, and connector ids must be unique, so use it
     as a replacement for that connector rather than alongside it. -->
<!--
<DataConnector id="myLDAP" xsi:type="LDAPDirectory"
ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
principal="%{idp.attribute.resolver.LDAP.bindDN}"
principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
<FilterTemplate>
<![CDATA[
%{idp.attribute.resolver.LDAP.searchFilter}
]]>
</FilterTemplate>
<ConnectionPool
minPoolSize="%{idp.pool.LDAP.minSize:3}"
maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"
failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
</DataConnector>
-->
<!-- DataConnector for pairwise-id (disabled; depends on the idp.persistentId.* properties in saml-nameid.properties). -->
<!--
<DataConnector id="computed" xsi:type="ComputedId"
generatedAttributeID="computedId"
salt="%{idp.persistentId.salt}"
algorithm="%{idp.persistentId.algorithm:SHA}"
encoding="%{idp.persistentId.encoding:BASE32}">
<InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}" />
</DataConnector>
-->
</AttributeResolver> |