Code Review: Mapping Directory Groups to eduPersonEntitlement

Brian Moon bmoon at scu.edu
Mon Apr 10 20:49:22 EDT 2017


And if going the MySQL route, then that raises the question of connection
pooling so that a new connection does not have to be established every time
a user logs in.


Brian Moon
Senior System Administrator
Enterprise Systems
Santa Clara University
Office: 408.554.4830
bmoon at scu.edu

On Mon, Apr 10, 2017 at 5:47 PM, Brian Moon <bmoon at scu.edu> wrote:

> Each time the script is run that file is loaded, so it is dynamic in the
> sense that changes can be made without having to restart tomcat.  The only
> thing I notice is that I have to log out of the SP and then log back in to
> see the change in entitlements.
>
> The MySQL option is interesting, though, since we will have multiple IdP
> servers (would be nice to have a single source for this).  If going that
> route, is there documentation that is Shibboleth specific that I can
> reference, or should I just look at
> http://middlewaremagic.com/jboss/?p=2760 for creating the DB connection
> within the script?
>
> Thanks!
>
>
> Brian Moon
> Senior System Administrator
> Enterprise Systems
> Santa Clara University
> Office: 408.554.4830
> bmoon at scu.edu
>
> On Mon, Apr 10, 2017 at 5:35 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
>
>> On 4/10/17, 8:19 PM, "users on behalf of Brian Moon" <
>> users-bounces at shibboleth.net on behalf of bmoon at scu.edu> wrote:
>>
>> > I just wrote a script to map directory groups to eduPersonEntitlement
>> > strings.  Everything seems to be working fine with it, although I would
>> > appreciate a code review to make sure that I haven't done anything stupid
>> > with it, or to see if there are areas that could be better optimized.
>>
>> Well, if you're asking, I don't see the point of using the hack of
>> loading JSON to do the mapping given that it's not going to be reloadable in
>> isolation anyway. I'd probably stick the mappings into a local MySQL table
>> so it would be dynamic, or if I was satisfied with doing it statically, I'd
>> probably just declare a map as a Spring bean and access it from the
>> script, which would certainly be a bit faster.
>>
>> -- Scott
>
>