Page tree
Skip to end of metadata
Go to start of metadata

The <QueryTemplate> element provides the template from which the LDAP search filter will be built.

Schema Name and Location

This element is defined by the urn:mace:shibboleth:2.0:resolver schema, which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd.

Typically the XML "CDATA" construct is used to wrap the text because it avoids the need for special escaping of most characters.

Examples

Using Principal Name
<FilterTemplate>
  <![CDATA[
          (uid=$resolutionContext.principal)
  ]]>
</FilterTemplate>
Using a Dependent Attribute
<FilterTemplate>
  <![CDATA[
          (uid=$employeeNumber.get(0))
  ]]>
</FilterTemplate>

Attributes

No attributes are defined.

Child Elements

No child elements are defined.

Template Context

As described below, several variables are available to the template context. In practice $resolutionContext.Principal and $attributeName will be useful.

NameWhen ValidDescription

resolutionContext

alwaysThe AttributeResolutionContext. Useful members include $resolutionContext.principal, $resolutionContext.attributeRecipientID and $resolutionContext.principalAuthenticationMethod

requestContext

The springResource attribute is not defined on the containing LDAPConnectorThe legacy V2SAMLProfileRequestContext, provided for compatibility with most legacy query templates

foo, bar, etc.

Whenever the enclosing element has a <Dependency>For each IdPAttribute available from all the provided dependencies, the attributes' values are available via the attribute's name. If the attribute only has a single value and you do not want the array characters '[' and ']' as part of your filter you can use AttributeName.get(0) to get that value.
  • No labels