Attributes Values Based on Presence of LDAP Attribute

David Bantz dabantz at
Wed May 21 13:11:54 EDT 2014

The following script from our IdP resolver for ePA does an analogous operation, sending a default/fallback value of ePA even if none exists in the LDAP:

        logger = LoggerFactory.getLogger("edu.internet2.middleware.shibboleth.resolver.Script.scriptTest");

//  Manipulate values only if eduPersonAffiliation directory value(s) exist

if (typeof eduPersonAffiliation != "undefined" && eduPersonAffiliation != null) 
{ …some manipulation of values omitted here… }

// Otherwise, create if null and  add attribute value "Affiliate"
if (eduPersonAffiliation == null) {eduPersonAffiliation = new BasicAttribute("eduPersonAffiliation");}
logger.debug(" ePA script if statement ELSE; ePA values: " + eduPersonAffiliation.getValues());             
logger.debug(" ePA script add Affiliate; ePA values: " + eduPersonAffiliation.getValues());

David Bantz
U Alaska

On Tue, 20 May 2014, at 17:04 , Jason <shibboleth at> wrote:

> Hi All,
> I'm working on setting up an integration between a Shibboleth IdP and
> a third-party service provider.
> The service provider wants a custom attribute called "Application".
> I've defined that attribute, and the value of that attribute is
> retrieved from an LDAP attribute also called "Application".
> Getting the IdP to return whatever is in LDAP is working fine.
> However, for users that don't have this attribute in LDAP, the IdP
> doesn't return the attribute, which is totally understandable.
> My question is this: for users that don't have the attribute in LDAP,
> is it possible to have the IdP still return some value in the
> attribute statement?  If so, what's the best way to do that?
> Thanks!
> --
> To unsubscribe from this list send an email to users-unsubscribe at

-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : 

More information about the users mailing list