Attributes Values Based on Presence of LDAP Attribute

David Bantz dabantz at alaska.edu
Wed May 21 13:11:54 EDT 2014


The following script from our IdP resolver for ePA does an analogous operation, sending a default/fallback value of ePA even if none exists in the LDAP:

<Script>
<![CDATA[
        importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
        importPackage(Packages.org.slf4j);
        logger = LoggerFactory.getLogger("edu.internet2.middleware.shibboleth.resolver.Script.scriptTest");

//  Manipulate values only if eduPersonAffiliation directory value(s) exist

if (typeof eduPersonAffiliation != "undefined" && eduPersonAffiliation != null)
{
    // …some manipulation of values omitted here…
}

// Otherwise, create if null and add attribute value "Affiliate"
else
{
    // Everything below sits inside the else block, so the fallback
    // is added only when the directory supplied no value.
    if (eduPersonAffiliation == null) { eduPersonAffiliation = new BasicAttribute("eduPersonAffiliation"); }
    logger.debug(" ePA script if statement ELSE; ePA values: " + eduPersonAffiliation.getValues());
    eduPersonAffiliation.getValues().add("Affiliate");
    logger.debug(" ePA script add Affiliate; ePA values: " + eduPersonAffiliation.getValues());
}
    ]]>
</Script>

David Bantz
U Alaska

On Tue, 20 May 2014, at 17:04 , Jason <shibboleth at happycat.org.uk> wrote:

> Hi All,
> 
> I'm working on setting up an integration between a Shibboleth IdP and
> a third-party service provider.
> 
> The service provider wants a custom attribute called "Application".
> I've defined that attribute, and the value of that attribute is
> retrieved from an LDAP attribute also called "Application".
> 
> Getting the IdP to return whatever is in LDAP is working fine.
> However, for users that don't have this attribute in LDAP, the IdP
> doesn't return the attribute, which is totally understandable.
> 
> My question is this: for users that don't have the attribute in LDAP,
> is it possible to have the IdP still return some value in the
> attribute statement?  If so, what's the best way to do that?
> 
> Thanks!
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
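
The same fallback pattern applied to the "Application" attribute from the question, as an added example that is not part of either message or of the IdP's own code. It goes one step beyond the script above by also covering an attribute that exists but has no values. The BasicAttribute class here is a minimal stand-in so the logic runs outside the resolver, and the helper name applyFallback, the fallback value "none" and the sample value "payroll" are assumptions.

```javascript
// Stand-in for the IdP's BasicAttribute (assumption): only getId() and
// getValues() with add()/isEmpty() are modelled, enough to exercise the logic.
class BasicAttribute {
  constructor(id) {
    this.id = id;
    const items = [];
    this.values = {
      add: (v) => { if (!items.includes(v)) items.push(v); },
      isEmpty: () => items.length === 0,
      toArray: () => items.slice(),
    };
  }
  getId() { return this.id; }
  getValues() { return this.values; }
}

// Hypothetical helper holding what the resolver script body would do.
// `attr` plays the role of the script variable: null when LDAP returned nothing.
function applyFallback(attr, id, fallback) {
  if (typeof attr === "undefined" || attr === null) {
    attr = new BasicAttribute(id);          // create the attribute if absent
  }
  if (attr.getValues().isEmpty()) {         // no directory values at all
    attr.getValues().add(fallback);         // release the fallback instead
  }
  return attr;                              // directory values pass through untouched
}

// Constructed inputs: one user with the LDAP attribute, one without it,
// and one whose attribute was resolved but carries no values.
function demo() {
  const fromLdap = new BasicAttribute("Application");
  fromLdap.getValues().add("payroll");
  const run = (a) => applyFallback(a, "Application", "none").getValues().toArray();
  return {
    present: run(fromLdap),
    missing: run(null),
    empty: run(new BasicAttribute("Application")),
  };
}

console.log(demo());
```

Every user without the LDAP attribute will assert the fallback, so it should be a value the service provider does not treat as granting access.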
