[EXTERNAL] RE: Conditional attributes.

Ernie Kinsey Ernie.Kinsey at cpcc.edu
Wed Feb 14 08:19:02 EST 2018 

Stephen,

That looks promising – I probably stumbled over it in my earlier searches, but all of the “AttributeDefinition” references are beginning to blur together.  Thanks very much for the info.

Ernie.

On 2/14/18, 8:15 AM, "Losen, Stephen C. (scl)" <scl at virginia.edu> wrote:

    Hi Ernie,

    A scripted attribute definition in attribute-resolver.xml will do what you want.

    https://wiki.shibboleth.net/confluence/display/IDP30/ScriptedAttributeDefinition

    You will need to define a new attribute that depends on your input attributes, so you must also define your input attributes, which will probably be "simple attribute definitions" whose values come directly from LDAP.

    Stephen C. Losen
    ITS - Systems and Storage
    University of Virginia
    scl at virginia.edu    434-924-0640


    -----Original Message-----
    From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Ernie Kinsey
    Sent: Wednesday, February 14, 2018 7:57 AM
    To: Shib Users <users at shibboleth.net>
    Subject: Conditional attributes.

    I have a use case that ought to be pretty common, but I’m not quite finding what I want in the docs or in any searches I’ve done.

    I have a couple of values I’m getting from LDAP, and I want to conditionally use one of the two values as an attribute to be released.  It might be something I can do in the query to LDAP for all I know, but I was also thinking that there might be a way in Shibboleth itself to evaluate the two values and use the “good” one for what I return as a user’s internal identifying number, a.k.a, “employeeNumber”.

    If I can’t filter this coming from LDAP, the place I was looking at was in the attribute-resolver.xml to do the if-then kind of logic but don’t know if this is even the place to do it, or if it can be done at all this way.

    Any thoughts on this, or a point to the proper documentation would be much appreciated.

    Thanks,
    Ernest K. Kinsey, Jr.
    Central Piedmont Community College
    Charlotte, NC.



    ________________________________

    This e-mail, including any attachments, is intended only for the addressee's use and may contain confidential and proprietary information. If you are not the intended recipient, you are hereby notified that any retention, dissemination, reproduction, or use of the information contained in this e-mail is strictly prohibited. If you have received this e-mail by error, please delete it and immediately notify the sender. Thank you for your cooperation.
    --
    For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
    To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
    --
    For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
    To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net


________________________________

This e-mail, including any attachments, is intended only for the addressee's use and may contain confidential and proprietary information. If you are not the intended recipient, you are hereby notified that any retention, dissemination, reproduction, or use of the information contained in this e-mail is strictly prohibited. If you have received this e-mail by error, please delete it and immediately notify the sender. Thank you for your cooperation.

More information about the users mailing list