scripted attribute def failure

IAM David Bantz dabantz at alaska.edu
Mon May 11 15:22:02 EDT 2015 

I'm sure this should be simple but I'm stymied.  I need to release a
username-like attribute that may come from either of two directory
sources.  I'm reliably authenticating against and retrieving attributes
from both directories, including the sAMAccountName from our AD
("uaADLDAP"), and a UASystemID attribute from an Oracle LDAP ("myLDAP").
The script below works as long as there is a record with sAMAccountName in
AD - so the else clause is not triggered - returning sAMAccountName in
uaUsername, but fails to execute the else clause when there is no
sAMAccountName.

ScriptletAttributeDefinition uaUsername unable to execute script

javax.script.ScriptException:
sun.org.mozilla.javascript.internal.EcmaError:  TypeError: UASystemID is
not a function, it is sun.org.mozilla.javascript.internal.NativeJavaObject.
(<Unknown Source>#15)



<resolver:AttributeDefinition id="uaUsername" xsi:type="Script" xmlns=
"urn:mace:shibboleth:2.0:resolver:ad">

        <resolver:Dependency ref="myLDAP" />

        <resolver:Dependency ref="uaADLDAP" />

        <resolver:AttributeEncoder … />

<!-- Script attempts to provide UA Username if AD and/or LDAP return value
-->

        <Script>

          <![CDATA[


importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);

        importPackage(Packages.org.slf4j);

        if (uaUsername == null)

             {uaUsername = new BasicAttribute("uaUsername");}

        if (typeof sAMAccountName != "undefined" && sAMAccountName != null
&& sAMAccountName.getValues().size() !=0)

             {  logger.debug("UA AD sAMAccountName Values: " +
sAMAccountName.getValues());


uaUsername.getValues().add(sAMAccountName.getValues().get(0))

             }

       else

            { if (typeof UASystemID != "undefined" && UASystemID != null &&
UASystemID().size() !=0)

                {   logger.debug("Oracle LDAP UASystemID Values: " +
UASystemID.getValues());


uaUsername.getValues().add(UASystemID.getValues().get(0))

                }

             }

       ]]>

     </Script>

</resolver:AttributeDefinition>

What am I missing?

David Bantz

U Alaska
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150511/3f32b44b/attachment.html>

More information about the users mailing list