Creation of new attribute from script

Terry Soucy terry.soucy at unb.ca
Wed Jan 4 18:47:06 GMT 2012


I'm trying to create a new attribute that will return either the uid or another uid, based on values in objectClass (unbCaAlumni).  The object of this exercise is to create an attribute that will return the uniqueUid of a record for use with the StoredId procedure.  I'm finding that when I have the attribute definition for uniqueUid active in the shibboleth config, I get the following error ..

14:20:57.476 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:478] - Error resolving attributes for principal 'tsoucy'.  No name identifier or attribute statement will be included in response

.. and that's without changing the StoredId procedure, just the inclusion of the uniqueUid definition.

Any thoughts?

Terry Soucy



Attribute definition ..

    <resolver:AttributeDefinition
            xsi:type="Script"
            id="uniqueUid"
            xmlns="urn:mace:shibboleth:2.0:resolver:ad">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder
                xsi:type="enc:SAML2String"
                name="urn:oid:0.9.2342.19200300.100.1.1"
                friendlyName="uniqueUid" />
        <Script><![CDATA[
            importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);

            // Create attribute to be returned from definition
            uniqueUid = new BasicAttribute("uniqueUid");
            for (i = 0; objectClass != null && i < objectClass.getValues().size(); i++) {
                value = objectClass.getValues().get(i);
                if (value.equalsIgnoreCase("unbcaalumni")) {
                    uniqueUid = unbCaAlumniUid.getValues().get(0);
                } else {
                    uniqueUid = uid.getValues().get(0);
                }
            }
        ]]></Script>
    </resolver:AttributeDefinition>


StoredId data connector definition ..

    <!-- Persistent ID data connector -->
    <resolver:DataConnector id="StoredId"
        xsi:type="StoredId"
        xmlns="urn:mace:shibboleth:2.0:resolver:dc"
        sourceAttributeID="uid"
        generatedAttributeID="persistentID"
        salt="Ru5awBi7rzuewGH0P0kCKr9vfSbkq0YxKKYzI2HxmN2ghaBY">
        <resolver:Dependency ref="uid" />
        <dc:ApplicationManagedConnection
            jdbcDriver="com.mysql.jdbc.Driver"
            jdbcURL="jdbc:mysql://unbmysql.unb.ca:3306/shibboleth?autoReconnect=true"
            jdbcUserName="shibbolethUser"
            jdbcPassword="shibbolethPassword" />
    </resolver:DataConnector>


--
Terry Soucy, Systems Analyst             Information Technology Services
University of New Brunswick, Fredericton Campus  http://www.unbf.ca/its
Voice: 506.447.3018     Fax: 506.453.3590    E-mail: terry.soucy at unb.ca
**    ITS is a scent-reduced workplace - www.unbf.ca/its/policies    **







More information about the users mailing list