shibboleth-dev - [Shib-Dev] hacking lastActivityInstant for point-in-time provisioning via the attribute resolver ?
Subject: Shibboleth Developers
List archive
[Shib-Dev] hacking lastActivityInstant for point-in-time provisioning via the attribute resolver ?
Chronological Thread
- From: Tom Zeller <>
- To:
- Subject: [Shib-Dev] hacking lastActivityInstant for point-in-time provisioning via the attribute resolver ?
- Date: Thu, 28 Apr 2011 16:56:34 -0500
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:from:date:x-google-sender-auth:message-id :subject:to:content-type; b=e7/0T1Or175oizio7RYdkPHs0YPAHk4SuvVq5iWpRwMpZFtuxZ205BvaLInLVlsicz Rvl3j148RayXFJmRjQy51pZNQEXKF7aatqhMNcOPxs41mSBRO9yp8cvKsYi+9U2LDHY1 mXk4mUK0AcSw4+SWqAwHv1zBRN+Q7mA1y0HQs=
I imagine the response to my question is "probably not a good idea",
but here goes ...
Ideally, I would like to pass arbitrary data (a DateTime object or
timestamp) into a AttributeRequestContext.
I am using the attribute resolver for provisioning grouper via
ldappcng, and I think I would like to supply a DateTime object to an
AttributeAuthority when calculating attributes. The purpose of the
DateTime object would be for Grouper's DataConnectors to return
attributes based on Grouper's point-in-time auditing.
Would it be a reasonable hack to co-opt a Session's
lastActivityInstant ? The user session would never be used elsewhere,
AFAIK.
Pseudo-code follows :
// a group or member identifier
String ID = provisioningRequest.getID();
// when a change occurred
long when = provisioningRequest.getAuditTime();
// create a context with principal name as the group or member identifier
BaseSAMLProfileRequestContext attributeRequestContext = new
BaseSAMLProfileRequestContext();
attributeRequestContext.setPrincipalName(ID);
// BEGIN HACK
// pass a timestamp via user session
SessionImpl userSession = new SessionImpl(null, null, 0);
userSession.setLastActivityInstant(new DateTime(when));
attributeRequestContext.setUserSession(userSession);
// END HACK
// get the attributes
attributeAuthority.getAttributes(attributeRequestContext);
And in the DataConnector
String principalName =
resolutionContext.getAttributeRequestContext().getPrincipalName();
DateTime when =
resolutionContext.getAttributeRequestContext().getUserSession().getLastActivityInstant();
Group group = PITGroupFinder.findByName(principalName, when ...)
TomZ
- [Shib-Dev] hacking lastActivityInstant for point-in-time provisioning via the attribute resolver ?, Tom Zeller, 04/28/2011
- Re: [Shib-Dev] hacking lastActivityInstant for point-in-time provisioning via the attribute resolver ?, Chad La Joie, 04/28/2011
Archive powered by MHonArc 2.6.16.