Conditional attributes.

Losen, Stephen C. (scl) scl at
Wed Feb 14 08:15:35 EST 2018

Hi Ernie,

A scripted attribute definition in attribute-resolver.xml will do what you want.

You will need to define a new attribute that depends on your input attributes, so you must also define your input attributes, which will probably be "simple attribute definitions" whose values come directly from LDAP.

Stephen C. Losen
ITS - Systems and Storage
University of Virginia
scl at    434-924-0640

-----Original Message-----
From: users [mailto:users-bounces at] On Behalf Of Ernie Kinsey
Sent: Wednesday, February 14, 2018 7:57 AM
To: Shib Users <users at>
Subject: Conditional attributes.

I have a use case that ought to be pretty common, but I’m not quite finding what I want in the docs or in any searches I’ve done.

I have a couple of values I’m getting from LDAP, and I want to conditionally use one of the two values as an attribute to be released.  It might be something I can do in the query to LDAP for all I know, but I was also thinking that there might be a way in Shibboleth itself to evaluate the two values and use the “good” one for what I return as a user’s internal identifying number, a.k.a, “employeeNumber”.

If I can’t filter this coming from LDAP, the place I was looking at was in the attribute-resolver.xml to do the if-then kind of logic but don’t know if this is even the place to do it, or if it can be done at all this way.

Any thoughts on this, or a point to the proper documentation would be much appreciated.

Ernest K. Kinsey, Jr.
Central Piedmont Community College
Charlotte, NC.


This e-mail, including any attachments, is intended only for the addressee's use and may contain confidential and proprietary information. If you are not the intended recipient, you are hereby notified that any retention, dissemination, reproduction, or use of the information contained in this e-mail is strictly prohibited. If you have received this e-mail by error, please delete it and immediately notify the sender. Thank you for your cooperation.
For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list