Overview

Data connectors produce sets of IdPAttribute objects, which are internal to the IdP and are generally used as input to attribute definitions. The products of data connectors are not, in general, passed along directly to relying parties.

Schema Name and Location

All elements and plugins described in this page and its children are defined in the urn:mace:shibboleth:2.0:resolver schema, which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd.

Prior to V3.3, the supplied plugins were only defined by a schema type (xsi:type) in the urn:mace:shibboleth:2.0:resolver:dc schema, which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-dc.xsd.  Now they are defined in both namespaces.

Common Attributes

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| id | String | | Identifier for the Data Connector. This is used for logging, to establish dependencies, and as a target for failover. |
| activationConditionRef | Bean Reference | | Bean ID of a condition to decide whether to resolve this connector, see here |
| springResources | String | | A series of ';' separated resource names which contain Spring definitions for this connector. See below. Only valid for RelationalDatabase, LDAPDirectory, Scripted 3.1 and Static 3.1 connectors. |
| springResourcesRef 3.1 | Bean Reference | | Bean ID of a List<Resource> which contains Spring definitions for this connector. See below. Only valid for RelationalDatabase, LDAPDirectory, Scripted and Static connectors. |
| factoryPostProcessorsRef 3.1 | Bean Reference | | (Advanced) Bean ID of a List<BeanFactoryPostProcessor> for use when parsing the resources specified by springResources or springResourcesRef |
| postProcessorsRef 3.1 | Bean Reference | | (Advanced) Bean ID of a List<BeanPostProcessor> for use when parsing the resources specified by springResources or springResourcesRef |
| profileContextStrategyRef | Bean Reference | | Bean ID of a function injected to override the normal lookup process for the request's ProfileRequestContext |
| noRetryDelay 3.2 | Duration | 0 | Time between retries of a failed data connector (during the interval, failure is just assumed when the connector is run and no actual connection is attempted) |

Common Child Elements

All Data Connectors can have zero or more of each of the following two child elements.

Prior to V3.3 the child elements had to be specified in a strict order, with the Common Child Elements coming first.  This has been relaxed in V3.3.

| Name | Cardinality | Description |
| --- | --- | --- |
| <Dependency> | 0 or more | Deprecated in 3.4. This element has a single attribute ref="whatever" whose content is the identifier of an attribute definition or data connector whose output is an input to this data connector. |
| <InputAttributeDefinition> 3.4 | 0 or more | This element describes an attribute definition which is an input to this data connector. |
| <InputDataConnector> 3.4 | 0 or more | This element describes a data connector whose attributes are to be input to this data connector. |
| <FailoverDataConnector> | 0 or more | This element has a single attribute ref="whatever" whose content is the identifier of a data connector to resolve if this data connector fails (for instance due to the external data source being unavailable). |
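
A consistency check for the ref values described in the table above, written in Python as an added example (not part of the Shibboleth documentation or code base). The sample resolver file and every id in it are constructed, its connectors are trimmed to the attributes and child elements relevant here, and it assumes the two 3.4 input elements carry a ref attribute like <Dependency>.

```python
import xml.etree.ElementTree as ET

NS = "{urn:mace:shibboleth:2.0:resolver}"  # resolver schema namespace from this page

# Constructed sample resolver file; every id and ref below is made up.
SAMPLE = """\
<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeDefinition id="uid" xsi:type="Simple"/>
  <DataConnector id="staticBackup" xsi:type="Static"/>
  <DataConnector id="myLDAP" xsi:type="LDAPDirectory">
    <FailoverDataConnector ref="staticBackup"/>
  </DataConnector>
  <DataConnector id="computed" xsi:type="ComputedId">
    <Dependency ref="uid"/>
    <InputAttributeDefinition ref="uidd"/>
    <FailoverDataConnector ref="uid"/>
  </DataConnector>
</AttributeResolver>
"""

def check_refs(xml_text):
    """Return (connector id, child element, ref, problem) for each questionable ref."""
    root = ET.fromstring(xml_text)
    connectors = {e.get("id") for e in root.iter(NS + "DataConnector")}
    definitions = {e.get("id") for e in root.iter(NS + "AttributeDefinition")}
    # Which plugin ids each child element's ref may name, per the table above.
    allowed = {
        "Dependency": connectors | definitions,
        "InputAttributeDefinition": definitions,
        "InputDataConnector": connectors,
        "FailoverDataConnector": connectors,
    }
    findings = []
    for dc in root.iter(NS + "DataConnector"):
        for child in dc:
            name = child.tag[len(NS):] if child.tag.startswith(NS) else None
            if name not in allowed:
                continue
            ref, owner = child.get("ref"), dc.get("id")
            if name == "Dependency":
                findings.append((owner, name, ref, "deprecated in 3.4"))
            if ref == owner:
                findings.append((owner, name, ref, "refers to itself"))
            elif ref not in connectors | definitions:
                findings.append((owner, name, ref, "unknown id"))
            elif ref not in allowed[name]:
                findings.append((owner, name, ref, "wrong plugin kind"))
    return findings

if __name__ == "__main__":
    for finding in check_refs(SAMPLE):
        print(*finding, sep=": ")
```

A failover ref that names an attribute definition, or an id that does not exist, leaves the connector without the fallback its configuration appears to promise, so findings of that kind are worth resolving before deployment.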

DataConnector Plugin Types

Data Connectors are distinguished by their schema type, which is inside the xsi:type XML attribute. The following types are supported:

| xsi:type | Function |
| --- | --- |
| Static | A data connector that gets its information from a static list of attributes and values specified within the configuration |
| ScriptedDataConnector | Creates multiple attributes from a script supported by JSR-223 |
| ComputedId | Creates an attribute whose value is computed from the SHA-1 hash of the requesting entity's ID, an attribute value (usually a user identifier of some kind), and a salt |
| StoredId | Creates an attribute whose value is generated either via the ComputedId mechanism (above) or by storing it and looking it up in a database |
| RelationalDatabase | A data connector that uses JDBC to connect to and pull information from a relational database |
| LDAPDirectory | A data connector that uses LDAP to connect to and pull information from a directory |
| HTTP 3.4 | A data connector that uses HTTP to connect to and pull information from a web service |

Native Spring Configuration

Certain Data Connectors can be configured using native Spring syntax, which allows for various optimizations, shared connection configuration, and/or use of advanced options not supported otherwise. Two mechanisms for this exist:

  • By direct reference to externally defined beans, for instance <BeanManagedConnection>
  • By specifying, via the springResources or springResourcesRef attributes, resources which contain appropriate configuration for the connector

More precise details are described for each data connector.
