The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

StaticDataConnector

Owned by Scott Cantor
Last updated: Feb 16, 2008 by Former user (Deleted)Version comment
2 min read

Configuring a Static Data Connector

NOTE: This connector is only included since IdP 1.3.1 (see announcement e-mail). If you use an earlier IdP release, you may retrieve it from the source control system if you feel comfortable doing so or patch your IdP 1.3c with a Java archive.

The static data connector allows a static value, for an attribute, to be declared in the connector's configuration. This provides the configured attribute value for every user serviced by the IdP. This is very useful for providing user attributes that are the result of their participation within the organization represented by the IdP. For example, all user's at a university may be entitled to a particular library resource. This library resource may key off a particular value of the eduPersonEntitlement attribute. This connector could be used to assign that value for that attribute to everyone in the university instead of having to add it to every user's entry in some back-office system.

Data Connector Basics

All data connectors are configured in the IdP's resolver.xml configuration file.

Each connector is defined with an XML element that requires an id attribute. This attribute is used to reference the connector from other connectors and attribute definitions. To make future maintenance easier we encourage you to use an meaningful name for id attribute.

Configuring the Connector

  1. Create a StaticDataConnector element and provide it an id.
  2. Create Attribute child elements, one for each attribute you wish this connector to produce, with an attribute of name and a value of the name of the attribute.
  3. Create Value elements, that are children of the Attribute, whose content is the attribute's value. You may have more than one Value element for a given Attribute element in order to represent a multi-valued attribute. If Value contains the string '%PRINCIPAL%' then this will be replaced by the current principal's name.

Example Configuration: common-lib-terms

This example has two pre-conditions:

  1. You only provision static eduPersonEntitlement attribute values, i.e. you have no further values originating from your directory or database.
  2. All your users match the common-lib-terms criteria.

If these pre-conditions are not met consider using the ScriptletAttributeDefinition.

Add the value urn:mace:dir:entitlement:common-lib-terms as a statically resolved attribute like this:

<SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
    <DataConnectorDependency requires="staticLibraryEPE"/>
</SimpleAttributeDefinition>

<StaticDataConnector id="staticLibraryEPE">
    <Attribute name="eduPersonEntitlement">
        <Value>urn:mace:dir:entitlement:common-lib-terms</Value>
    </Attribute>
</StaticDataConnector>

To provision multiple static values at once, configure the Data Connector like this:

<StaticDataConnector id="staticLibraryEPE">
    <Attribute name="eduPersonEntitlement">
        <Value>urn:mace:dir:entitlement:common-lib-terms</Value>
        <Value>urn:mace:incommon:entitlement:common:1</Value>
    </Attribute>
</StaticDataConnector>

Example configuration: using %PRINCIPAL%

To set ePPN directly from the current principal's name:

<SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName"
    sourceName="netid" smartScope="example.edu">
        <DataConnectorDependency requires="static"/>
</SimpleAttributeDefinition>

<StaticDataConnector id="static">
    <Attribute name="netid">
         <Value>%PRINCIPAL%</Value>
    </Attribute>
</StaticDataConnector>