'Re: [Shib-Users] Resolver definition xsi type script'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    Re: [Shib-Users] Resolver definition xsi type script
From:       Ahsan Imam <eferesen () gmail ! com>
Date:       2010-04-29 16:51:02
Message-ID: z2xb16cb7961004290951nf698153fw2a001534e7074b08 () mail ! gmail ! com
[Download RAW message or body]

Hi Peter,

Perhaps I did not explain correctly,

I am not changing eduPersonAffiliation.   I am using eduPersonAffiliation as

a resolver dependency.

You can see in the attribute definition (below) that I am using values from
edupersonaffiliation and nauAffiliationTypeCode to to set values for custom
attribute called exampleLibraryPatron.  exampleLibraryPatron is an attribute
which does not exist in ldap.

The question regarding the 'case' was when I do a
edupersonaffiliation.getValues().contains("employee") in the script, I was a
little worried that a case could exist (highly unlikely) where the case is
different.  I just wanted to account for that.  From what Scott mentioned in
his reply it seems that case will not be an issue whether it is 'employee'
or 'Employee'.  Hopefully I am understanding this correctly.

Thanks

Here is the attribute definition:

 <resolver:AttributeDefinition id="exampleLibraryPatron" xsi:type="Script"
xmlns="urn:mace:shibboleth:2.0:resolver:ad">
        <resolver:Dependency ref="edupersonaffiliation" />
        <resolver:Dependency ref="exampleAffiliationTypeCode" />

        <resolver:AttributeEncoder xsi:type="SAML1String"
xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="http://www.example.edu/attributes/exampleLibraryPatron" />

        <resolver:AttributeEncoder xsi:type="SAML2String"
xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="http://www.example.edu/attributes/nauLibraryPatron"
friendlyName="Refworks" />

        <Script><![CDATA[

importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
            importPackage(Packages.org.slf4j);

            logger =
LoggerFactory.getLogger("edu.internet2.middleware.shibboleth.resolver.Script.scriptTest");

            logger.debug("Values for eduPersonaffiliation are " +
edupersonaffiliation.getValues() );

            if ( edupersonaffiliation == null) {
                 edupersonaffiliation = new
BasicAttribute("edupersonaffiliation");
            }

             if ( nauAffiliationTypeCode == null) {
                 nauAffiliationTypeCode = new
BasicAttribute("nauAffiliationTypeCode");
            }

            exampleLibraryPatron = new BasicAttribute("nauLibraryPatron");

             if ( edupersonaffiliation.getValues().contains("employee")
||
                 edupersonaffiliation.getValues().contains("student")     ||

exampleAffiliationTypeCode.getValues().contains("0011")      ||

exampleAffiliationTypeCode.getValues().contains("0177")      more logic
                 ) {
                exampleLibraryPatron.getValues().add("Y");
            } else {
                  exampleLibraryPatron.getValues().add("N");
            }

            ]]></Script>


    </resolver:AttributeDefinition>





On Wed, Apr 28, 2010 at 1:51 PM, Peter Schober
<peter.schober@univie.ac.at>wrote:

>
> If you create the eduPersonAffiliation value yourself via a script
> then I don't understand how you can end up with the other problem you
> were asking about:
>
>
> -peter
>



-- 
s/Ahsan/?/g

[Attachment #3 (text/html)]

Hi Peter,<br><br>Perhaps I did not explain correctly,<br><br>I am not changing  \
eduPersonAffiliation.     I am using  eduPersonAffiliation as <br>a resolver \
dependency.<br><br>You can see in the attribute definition (below) that I am using \
values from edupersonaffiliation and nauAffiliationTypeCode to to set values for \
custom attribute called exampleLibraryPatron.   exampleLibraryPatron is an attribute \
which does not exist in ldap.<br> <br>The question regarding the &#39;case&#39; was \
when I do a edupersonaffiliation.getValues().contains(&quot;employee&quot;) in the \
script, I was a little worried that a case could exist (highly unlikely) where the \
case is different.   I just wanted to account for that.   From what Scott mentioned \
in his reply it seems that case will not be an issue whether it is &#39;employee&#39; \
or &#39;Employee&#39;.   Hopefully I am understanding this correctly.<br> \
<br>Thanks<br><br>Here is the attribute definition:<br><br>  \
&lt;resolver:AttributeDefinition id=&quot;exampleLibraryPatron&quot; \
xsi:type=&quot;Script&quot; \
xmlns=&quot;urn:mace:shibboleth:2.0:resolver:ad&quot;&gt;<br>               \
&lt;resolver:Dependency ref=&quot;edupersonaffiliation&quot; /&gt;<br>  \
&lt;resolver:Dependency ref=&quot;exampleAffiliationTypeCode&quot; /&gt;<br><br>      \
&lt;resolver:AttributeEncoder xsi:type=&quot;SAML1String&quot; \
xmlns=&quot;urn:mace:shibboleth:2.0:attribute:encoder&quot;<br>  name=&quot;<a \
href="http://www.example.edu/attributes/exampleLibraryPatron">http://www.example.edu/attributes/exampleLibraryPatron</a>&quot; \
/&gt;<br><br>               &lt;resolver:AttributeEncoder \
xsi:type=&quot;SAML2String&quot; \
xmlns=&quot;urn:mace:shibboleth:2.0:attribute:encoder&quot;<br>  name=&quot;<a \
href="http://www.example.edu/attributes/nauLibraryPatron">http://www.example.edu/attributes/nauLibraryPatron</a>&quot; \
friendlyName=&quot;Refworks&quot; /&gt;<br><br>               \
&lt;Script&gt;&lt;![CDATA[<br>  \
importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);<br> \
importPackage(Packages.org.slf4j);<br><br>                       logger = \
LoggerFactory.getLogger(&quot;edu.internet2.middleware.shibboleth.resolver.Script.scriptTest&quot;);<br>
 <br>                       logger.debug(&quot;Values for eduPersonaffiliation are \
&quot; + edupersonaffiliation.getValues() );<br><br>                       if ( \
edupersonaffiliation == null) {<br>                                 \
edupersonaffiliation = new BasicAttribute(&quot;edupersonaffiliation&quot;);<br>  \
}<br><br>                         if ( nauAffiliationTypeCode == null) {<br>          \
nauAffiliationTypeCode = new BasicAttribute(&quot;nauAffiliationTypeCode&quot;);<br>  \
}<br><br>                       exampleLibraryPatron = new \
BasicAttribute(&quot;nauLibraryPatron&quot;);<br> <br>                         if ( \
edupersonaffiliation.getValues().contains(&quot;employee&quot;)       ||   <br>       \
edupersonaffiliation.getValues().contains(&quot;student&quot;)         ||<br>         \
exampleAffiliationTypeCode.getValues().contains(&quot;0011&quot;)           ||        \
<br>  exampleAffiliationTypeCode.getValues().contains(&quot;0177&quot;)           \
more logic<br>                                 ) {<br>                           \
exampleLibraryPatron.getValues().add(&quot;Y&quot;);<br>                       } else \
{<br>  exampleLibraryPatron.getValues().add(&quot;N&quot;);<br>                       \
}<br>   <br>                       ]]&gt;&lt;/Script&gt;<br><br><br>       \
&lt;/resolver:AttributeDefinition&gt;<br><br><br><br><br><br><div \
class="gmail_quote"> On Wed, Apr 28, 2010 at 1:51 PM, Peter Schober <span \
dir="ltr">&lt;<a href="mailto:peter.schober@univie.ac.at">peter.schober@univie.ac.at</a>&gt;</span> \
wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, \
204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

<br>
If you create the eduPersonAffiliation value yourself via a script<br>
then I don&#39;t understand how you can end up with the other problem you<br>
were asking about:<br>
<br>
<br><font color="#888888">-peter<br>
</font></blockquote></div><br><br clear="all"><br>-- <br>s/Ahsan/?/g<br>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic