Using value maps for RBAC

Robert Duncan Robert.Duncan at ncirl.ie
Wed Nov 7 07:23:12 EST 2018 

Thanks Peter,


The fine documentation provides the following example:


<AttributeDefinition id="mapped" xsi:type="Mapped">
    <InputAttributeDefinition ref="uid" />
    <DefaultValue passThru="true"/>
    <ValueMap>
        <ReturnValue>return1</ReturnValue>
        <SourceValue>sou.+rc.+e1</SourceValue>
        <SourceValue partialMatch="true">fred</SourceValue>
        <SourceValue ignoreCase="true">Ignore.+Case.+When.+Comparing</SourceValue>
    </ValueMap>
    <ValueMap>
        <ReturnValue>return1</ReturnValue>
        <SourceValue>source2</SourceValue>
    </ValueMap>
    <ValueMap>
        <ReturnValue>some_string_to_add_before_value:$1</ReturnValue>
        <SourceValue>(.+)</SourceValue>
    </ValueMap>
    <AttributeEncoder xsi:type="SAML2String" name="https://example.org/example/name" friendlyName="Mapped" encodeType="false" />
 </AttributeDefinition>

but my question was:
Is there a way to use multiple source attributes in a value map?  not multiple source values

Thanks,
Robert Duncan





________________________________
From: users <users-bounces at shibboleth.net> on behalf of Peter Schober <peter.schober at univie.ac.at>
Sent: Wednesday 7 November 2018 11:57:23
To: users at shibboleth.net
Subject: Re: Using value maps for RBAC

* Robert Duncan <Robert.Duncan at ncirl.ie> [2018-11-07 12:05]:
> Is there a way to use multiple source attributes in a value map?

Yes.

> I want to map roles to departments but I also want to map certain
> individuals to special roles,

You can also have multiple ValueMap elements within the same Mapped
AttributeDefinition.

The fine documentation covers all of that, cf. "Cardinality":
https://wiki.shibboleth.net/confluence/display/IDP30/MappedAttributeDefinition
(Easily found by entering "Mapped" in the search filed in the upper right.)

The example below also demonstrates that.

-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
________________________________
The information contained and transmitted in this e-mail is confidential information, and is intended only for the named recipient to which it is addressed. The content of this e-mail may not have been sent with the authority of National College of Ireland. Any views or opinions presented are solely those of the author and do not necessarily represent those of National College of Ireland. If the reader of this message is not the named recipient or a person responsible for delivering it to the named recipient, you are notified that the review, dissemination, distribution, transmission, printing or copying, forwarding, or any other use of this message or any part of it, including any attachments, is strictly prohibited. If you have received this communication in error, please delete the e-mail and destroy all record of this communication. Thank you for your assistance.
________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20181107/820bb10a/attachment.html>

More information about the users mailing list