Releasing mail as scoped sAMAccountName for a specific SP
Nilan Morjaria-Patel
N.Morjaria-Patel at soton.ac.uk
Mon Jun 14 15:44:10 UTC 2021
Hi,
Apologies for my ignorance, but I have taken over our Shibb IdP from a former long-standing colleague.
I require help regarding the above. I have the following script in attribute-resolver.xml where the SP's only requirement is mail. However, our users can change their mail prefix, so we want to release the scoped sAMAccountName instead.
<AttributeDefinition id="mail" xsi:type="ScriptedAttribute">
    <!-- We need LDAP for this attributes value -->
    <InputDataConnector ref="uos_ldap" attributeNames="mail sAMAccountName" />
    <!-- The script -->
    <Script><![CDATA[
        // Get the requester entity ID
        requester = resolutionContext.getAttributeRecipientID();
        // for research connect we want username at soton.ac.uk as mail
        if (requester.equalsIgnoreCase("https://sp.idoxgroup.com/shibboleth"))
        {
            mail.addValue(sAMAccountName.getValues().get(0) + "@%{idp.scope}");
        }
        else
        {
            // By default, resolve this to mail in LDAP
            mail = mail.getValues().get(0);
        }
    ]]></Script>
</AttributeDefinition>
When I do this I get duplicate mail attributes released. Is there a straightforward way to get around this?
Thanks
Nilan
----
Nilan Morjaria-Patel | Infrastructure Engineer | Enterprise Systems Management | iSolutions
University of Southampton
Level 5, One Guildhall Square, Southampton, SO14 7FP
n.morjaria-patel at soton.ac.uk | +44 2380 595680 | ext 25680
Manage your IT tickets and requests at: <http://www.southampton.ac.uk/ithelp> https://sotonproduction.service-now.com/soton/it.do