Previous Stable Release

Please note that the V3 release branch is now the previous stable release, with the current stable releases from the V4 branch.
Support for V3 will end on Dec 31, 2020.

The <QueryTemplate> element provides the template from which the LDAP search filter will be built.

Schema Name and Location

This element is defined by the urn:mace:shibboleth:2.0:resolver schema, which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd.

Typically the XML "CDATA" construct is used to wrap the text because it avoids the need for special escaping of most characters.

Examples

Using Principal Name

<FilterTemplate>
  <![CDATA[
    (uid=$resolutionContext.principal)
  ]]>
</FilterTemplate>

Using a Dependent Attribute

<FilterTemplate>
  <![CDATA[
    (uid=$employeeNumber.get(0))
  ]]>
</FilterTemplate>

Attributes

No attributes are defined.

Child Elements

No child elements are defined.

Template Context

The variables described below are available in the template context. In practice, $resolutionContext.Principal and $attributeName will be useful.

| Name | When Valid | Description |
| --- | --- | --- |
| resolutionContext | always | The AttributeResolutionContext. Useful members include $resolutionContext.principal, $resolutionContext.attributeRecipientID and $resolutionContext.principalAuthenticationMethod |
| requestContext | The springResource attribute is not defined on the containing LDAPConnector | The legacy V2SAMLProfileRequestContext, provided for compatibility with most legacy query templates |
| foo, bar, etc. | Whenever the enclosing element has a dependency (attribute or data connector) | For each IdPAttribute available from all the provided dependencies, the attributes' values are available via the attribute's name. If the attribute only has a single value and you do not want the array characters '[' and ']' as part of your filter you can use AttributeName.get(0) to get that value. |
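The following Python sketch is an added example, not Shibboleth code: it mimics how the two templates above expand, including the '[' and ']' that appear when a dependent attribute is referenced without .get(0). The renderer, the sample context values and the RFC 4515 escaping step are assumptions of this sketch; the page does not describe how the IdP treats special characters in substituted values.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_RFC4515 = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Matches $name, $name.member and $name.get(N); nothing else is supported here.
_REF = re.compile(r"\$(\w+)(?:\.get\((\d+)\)|\.(\w+))?")

# Constructed sample context (hypothetical values, not taken from the page).
SAMPLE_CONTEXT = {
    "resolutionContext": {"principal": "jdoe"},
    "employeeNumber": ["12345"],
    "mail": ["a@example.org", "b@example.org"],
    "displayName": ["Doe (temp)"],
}

def escape_value(value):
    """Escape one value so it cannot change the structure of the filter."""
    return "".join(_RFC4515.get(ch, ch) for ch in str(value))

def list_as_text(values):
    """Render a value list the way java.util.List.toString() does: [a, b]."""
    return "[" + ", ".join(values) + "]"

def render(template, context):
    """Simplified stand-in for the template engine used by <FilterTemplate>."""
    def substitute(match):
        name, index, member = match.groups()
        obj = context[name]
        if index is not None:        # $attr.get(0): one value of the attribute
            value = obj[int(index)]
        elif member is not None:     # $resolutionContext.principal
            value = obj[member]
        elif isinstance(obj, list):  # bare $attr: the whole list, with brackets
            value = list_as_text(obj)
        else:
            value = obj
        return escape_value(value)
    return _REF.sub(substitute, template)

if __name__ == "__main__":
    for tpl in ("(uid=$resolutionContext.principal)",
                "(uid=$employeeNumber.get(0))",
                "(uid=$employeeNumber)",
                "(mail=$mail)",
                "(cn=$displayName.get(0))"):
        print(f"{tpl:40} -> {render(tpl, SAMPLE_CONTEXT)}")
```

The third and fourth templates show why a bare attribute reference rarely matches anything in the directory: the filter value becomes the bracketed list text rather than a single attribute value.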