mapped attribute-resolver WARNing

Wed Apr 27 07:49:45 EDT 2016

Hi,

(idp 3.2.1):
I'm using xsi:type="ad:Mapped" AttributeDefinition to map two different
source attributes to two different eduPersonEntitlements. Something
like this:
    <resolver:AttributeDefinition id="eduPersonEntitlement2-mapped" xsi:type="ad:Mapped" dependencyOnly="true" sourceAttributeID="isMemberOf">
        <resolver:Dependency ref="isMemberOf" />
        <ad:DefaultValue passThru="false" />
        <ad:ValueMap>
            <ad:ReturnValue>SomeEntitlement1</ad:ReturnValue>
            <ad:SourceValue>^somesourcevalue1.*$</ad:SourceValue>
        </ad:ValueMap>
    </resolver:AttributeDefinition>
    <resolver:AttributeDefinition id="eduPersonEntitlement-mapped" xsi:type="ad:Mapped" dependencyOnly="true" sourceAttributeID="srcattr2">
        <resolver:Dependency ref="myLDAP" />
        <ad:DefaultValue passThru="false" />
        <ad:ValueMap>
            <ad:ReturnValue>DifferentEntitlement2</ad:ReturnValue>
            <ad:SourceValue>^somesourcevalue2$</ad:SourceValue>
        </ad:ValueMap>
    </resolver:AttributeDefinition>

    <resolver:AttributeDefinition id="eduPersonEntitlement" xsi:type="ad:Simple" sourceAttributeID="eduPersonEntitlement-mapped">
        <resolver:Dependency ref="eduPersonEntitlement-mapped" />
        <resolver:Dependency ref="eduPersonEntitlement2-mapped" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" encodeType="true" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" />
    </resolver:AttributeDefinition>

This works except a warning is logged for every login:
WARN [net.shibboleth.idp.attribute.resolver.PluginDependencySupport:144]
- Plugin
  'eduPersonEntitlement' was defined with a sourceAttributeID
  'eduPersonEntitlement-mapped', but the attribute definition
  'eduPersonEntitlement2-mapped', specified as a <Dependency> will be
  used as well.

Is there a way to use the two mapped sourceattributes in
id="eduPersonEntitlement" xsi:type="ad:Simple" without getting this WARN log ?

Or is xsi:type="ad:Script" better way to create these two different
eduPersonEntitlements (and avoid this WARN:n message) ?

-Jarno

-- 
Jarno Huuskonen