The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

RegExpAttributeDefinition

Configuring a RegExAttribute Definition

The RegExAttributeDefinition allows regular expression based replacements on attribute values, using the regex syntax
allowed by java.util.regex.Pattern. Capturing groups can be specified in the regex string using parenthesis and in
the replacement string using $i, where i = 0-9. Case-insensitive matches can be specified using the 'ignoreCase'
attribute set to true. No other flags allowed by java.util.regex.Pattern are deemed useful and hence not supported
yet, but are easy to add if needed.

Configuring the Definition

  1. Create a RegExAttributeDefinition element with its id attribute.
  2. Add necessary dependencies (i.e. DataConnectorDependency).

Example Configuration

<RegExAttributeDefinition 
    id="urn:mace:dir:attribute-def:eduPersonAffiliation"
    sourceName="eduPersonAffiliation"
    regex=".*STAFF.*"
    replacement="staff"
    ignoreCase="true">
    <DataConnectorDependency requires="directory"/>
</RegExAttributeDefinition>

Attribute Definition Dependencies

In order to use attributes from data connectors or other definitions you need to make sure those dependencies are resolved before this definition is called.

If your definition depends on a data connector create a child element, of the main definition element, called DataConnectorDependency and give it an attribute of requires whose value is the id of the data connector this definition depends on.

If your definition depends on another definition create a child element, of the main definition element, called AttributeDependency and give it an attribute of requires whose value is the id of the definition this definition depends on.

Error Propagation

Not every attribute definition may, or need, work for every user in the system. However, the definition may emit an error if it is unable to find any entries for the user or if it depends on another data connector or definition that didn't apply to the current user.

To suppress these errors, so that they don't stop the attribute lookup process, add the follow attribute and value to the main definition element:

  • propagateErrors - with a value of false

Data Caching

Attribute definitions cache their information for the length of one attribute request; until all data connectors and definitions have been evaluated and their information retrieved. You may optionally have the definition cache its data for a fixed period of time. This can increase performance but will result in a lead time for frequently changing data.

To enable this longer-lived cache add the following attribute to the main connector element:

  • cacheTime - the length of time, in seconds, to cache the attributes fetched by this definition