Mapped Attribute Definition
A mapped attribute definition creates an attribute by mapping the values of another attribute definition or data connector to one or more different values. The following steps walk through creating a simple attribute definition.
1. Define the Definition
The definition is defined with the element
<resolver:AttributeDefinition xsi:type="Mapped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"> with the following required attribute:
- id - assigns a unique, within the resolver, identifier that may be used to reference this definition
and the following optional attributes:
- dependencyOnly - a boolean flag that indicates the attribute produced by this definition is used only by other resolver components and should not be released from the resolver (default value: false)
- sourceAttributeID - the ID of the attribute, from the dependency connectors, used to construct this attribute (default value: ID of this attribute)
2. Define Dependencies
It is very common for one component, like attribute definitions, within the attribute resolver to depend on information retrieved or constructed from another component.
Dependencies are expressed by the
<resolver:Dependency> with a
ref attribute whose value is the unique ID of the attribute definition or the data connector that this connector depends on.
3. Define Value Maps
The mapped attribute definition can contain one or more value maps which define the actual mapping to perform. Each
<ValueMap> defines a many-to-one mapping of source values to a return value. Many-to-many mappings can be achieved by using multiple maps. Each
<ValueMap> contains a single
<ReturnValue> and one or more
<SourceValue> elements. The source value strings are regular expressions that are matched against source attributes. If the source attribute matches, it is mapped to the return value.
<ReturnValue> may contain regular expression back references to capturing groups in the source value.
<SourceValue> element also allows the following advanced configuration attributes controlling how matching is performed:
ignoreCase- boolean; if true, value matching will be case-insensitive; defaults to false. Incompatible with
partialMatch- boolean; if true, the
<SourceValue>may match only a substring of the incoming value. Otherwise, it must match the entire value; defaults to false. This option is mutually exclusive with a regular expression based
4. Define Default Value
If a source attribute does not match any of the value maps, the
<DefaultValue> will be returned if one is defined. The default value may not contain back references to regular expression capture groups. If you want the original source value to be passed through unmodified, set the
passThru equal to true. If no default value is defined, source values that do not match a value map will simply be dropped.
Imagine the simple scenario in which you have a data store that contains an attribute
myEduAffiliation. This attribute is populated with internal affiliation values for students and instructors, but you would like to map them to the controlled vocabulary used by
eduPersonAffiliation. You might have a mapped attribute definition that looks something like this.
You can also leverage the regular expression power of the mapped attribute definition without using the mapping functionality by simply defining only a single source value. For example, imagine you have a name attribute
legalName that is of the form "Last, First". However, you'd like to release that attribute as
displayName of the form "First Last".