shibboleth-dev - IDP 1.3 Attribute resolver not from principal
Subject: Shibboleth Developers
- From: david t <>
- To:
- Subject: IDP 1.3 Attribute resolver not from principal
- Date: Tue, 12 May 2009 15:40:26 +0000 (GMT)
Hello,
I use Shibboleth 1.3 and want to configure the IDP resolver.
I would like some LDAP values to come from a search filter which does not depend on the principal credential.
Like this:
<SimpleAttributeDefinition id="urn:mace:dir:attribute-def:cn"> <!-- cn LDAP -->
    <DataConnectorDependency requires="directory"/>
</SimpleAttributeDefinition>
<ScriptletAttributeDefinition id="urn:mace:dir:attribute-def:cnuid" sourceName="cnuid"> <!-- transform principal -->
    <DataConnectorDependency requires="param"/>
    <Scriptlet><![CDATA[
        resolverAttribute.addValue("valueforldap"); // example cnuid return value
    ]]></Scriptlet>
</ScriptletAttributeDefinition>
<JNDIDirectoryDataConnector id="directory">
    <Search filter="uid=%cnuid%"> <!-- cnuid attribute value: urn:mace:dir:attribute-def:cnuid... -->
        <Controls searchScope="SUBTREE_SCOPE" returningObjects="false" />
    </Search>
    <Property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />
    <Property name="java.naming.provider.url" value="ldap://xxxxxxx" />
    <Property name="java.naming.security.principal" value="xxxxxxx" />
    <Property name="java.naming.security.credentials" value="xxxxxxx" />
</JNDIDirectoryDataConnector>
Is it possible? How could I really do that?
Thanks for your help!
David