Attribute Lookup in Extension
cab at umn.edu
Mon Sep 17 13:59:15 EDT 2018
One thing I found helpful in understanding this was to examine the
existing (system) flows that call a ResolveAttributes action, and
compare how different flows invoke it in different ways at different times.
For example, comparing the authn-flow vs. the SAML sso-abstract-flow
(the former being the quick lookup of a select few attributes needed
during the authentication process, while the latter is pulling in
"everything" to generate the attributes for the SAML response).
For this case, the "attributesToResolve" property on the
ResolveAttributes might be appropriate (example in
system/flows/authn/authn-flow.xml and authn-beans.xml).
On 9/16/2018 5:36 PM, Cantor, Scott wrote:
>> Is it possible to extract the value of the 'memberOf' attribute if the
>> DataConnector to LDAP, and the AttributeDefinition for 'memberOf' are in
>> attribute-resolver.xml? i.e. I don't have to build a separate LDAP connection
>> and 'memberOf' ldap filter lookup in the extension.
> That depends when/where/what you're doing. An interceptor (the post-login sort) has access to all the resolved attrbutes, it runs afterward. That's covered in the wiki.
>> If the above is available, are there any example code to refer to? The number of
>> moving parts for me to learn on writing an extension is large at this stage,
>> anything to grasp on will be a big help.
> The interceptors that already exist are the only examples and several of them are so small that it would be of no value to produce any example of any less complexity.
> The documentation that exists is exactly what exists, no more or less.
> -- Scott
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
More information about the users