eduPersonAssurance and postAuthContext principals scripted attribute
Mak, Steve
makst at upenn.edu
Thu Jul 30 20:13:59 UTC 2020
This is what I wrote to get eduPersonAssurance working. Can anyone see if I did anything horribly wrong?
global.xml
<bean id="eduAssuranceBuilder" parent="shibboleth.Functions.Scripted" factory-method="inlineScript">
<constructor-arg>
<value><![CDATA[
if (input.getName() === 'urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken' ) {
logger = Java.type("org.slf4j.LoggerFactory").getLogger("resolver.eduAssuranceBuilder")
logger.debug("Build the eduPersonAssurance value with this: {}", input)
IdPAttributeValue = Java.type('net.shibboleth.idp.attribute.StringAttributeValue')
ArrayList = Java.type('java.util.ArrayList')
returnValue = new ArrayList()
attribute = new IdPAttributeValue('MFA')
returnValue.add(attribute)
returnValue
}
]]>
</value>
</constructor-arg>
</bean>
resolver.xml
<AttributeDefinition id="eduPersonAssurance" xsi:type="Simple">
<InputAttributeDefinition ref="eduPersonAssuranceSource"/>
</AttributeDefinition>
<AttributeDefinition id="eduPersonAssuranceSource" xsi:type="SubjectDerivedAttribute" attributeValuesFunctionRef="eduAssuranceBuilder" />
Thanks,
Steve
More information about the users
mailing list