author | Paul Scott <paul.scott@kau.se> | 2024-01-25 10:07:40 +0000 |
---|---|---|
committer | Paul Scott <paul.scott@kau.se> | 2024-01-25 10:07:40 +0000 |
commit | 8105c6d1378444d9af77340d38eaac8786bce938 (patch) | |
tree | ef1c9f6377f1787257b31f6688581c813bde8003 | |
parent | ab364881fed70dd659bc869ece2652aa7aec03ca (diff) |
Optional script to remove invalid chars from subject-id (tags: conf-2024-01-25-v02, conf-2024-01-25-v01)
-rw-r--r-- | Shibboleth-IdP/v4/attribute-resolver.xml | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/Shibboleth-IdP/v4/attribute-resolver.xml b/Shibboleth-IdP/v4/attribute-resolver.xml
index 5171017..391e687 100644
--- a/Shibboleth-IdP/v4/attribute-resolver.xml
+++ b/Shibboleth-IdP/v4/attribute-resolver.xml
@@ -453,6 +453,33 @@
 <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oasis:names:tc:SAML:attribute:subject-id" friendlyName="subject-id" encodeType="false" />
 </AttributeDefinition>
+ <!-- Schema: SAML Subject ID Attributes -->
+ <!-- Use this if your idp.persistentId.sourceAttribute contains invalid characters like underscore or full stop (period).
+ <AttributeDefinition id="preSamlSubjectID" xsi:type="ScriptedAttribute">
+ <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}"/>
+ <Script><![CDATA[
+ logger = Java.type("org.slf4j.LoggerFactory").getLogger("net.shibboleth.idp.attribute.resolver.eppnbuilder");
+ // Script to replace underscore with %5F
+ try {
+ // If idp.persistentId.sourceAttribute is not uid, then you need to amend the content of the script
+ source=uid.getValues().get(0);
+ source=source.replaceAll("_", "=5F");
+ source=source.replaceAll("[\.]", "=2E");
+ preSamlSubjectID.getValues().add(source);
+ }
+ catch(err) {
+ logger.info("Error: " + err);
+ }
+ ]]>
+ </Script>
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Scoped" id="samlSubjectID" scope="%{idp.scope}">
+ <InputAttributeDefinition ref="preSamlSubjectID" />
+ <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oasis:names:tc:SAML:attribute:subject-id" friendlyName="subject-id" encodeType="false" />
+ </AttributeDefinition>
+ -->
+ <AttributeDefinition xsi:type="Scoped" id="samlPairwiseID" scope="%{idp.scope}">
 <InputDataConnector ref="computed" attributeNames="computedId"/>
 <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oasis:names:tc:SAML:attribute:pairwise-id" friendlyName="pairwise-id" encodeType="false" />
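Review bot: The comment `// Script to replace underscore with %5F` disagrees with the code two lines below it, which substitutes `=5F`; `%` is not a permitted subject-id character while `=` is, so the comment should read `// Escape characters not permitted in subject-id: '_' -> =5F, '.' -> =2E`. The script escapes only `_` and `.`, so any other disallowed character in the source value passes through unchanged, and a source value that already contains `=` (for example `a=5Fb`) collides with the escaped form of `a_b`, giving two accounts the same subject-id; if the LDAP attribute can hold `=`, escape it first with `source=source.replaceAll("=", "=3D");` ahead of the other two replacements. On any exception the catch block only logs at info level and adds no value, so preSamlSubjectID presumably stays empty for that user and the failure is easy to miss; `logger.warn` would make it visible. The samlPairwiseID definition opened by the final added line continues past the end of the hunk.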