======Data Connector======

<callout color="#ff9900" title="Archiv">
Dieser Artikel ist ein Community-Beitrag für Shibboleth IdP 3.x. Es ist unklar, ob er für Shibboleth IdP 4.x so noch gilt.
</callout>

Um für den Shibboleth Identity Provider der Version 3 einen Datenkonnektor selbst zu schreiben, müssen bestimmte Klassen erweitert werden und eigne Namespaces erzeugt werden.

===== Zu erweiternde Klassen =====

   * Data Connector Klasse: <code>net.shibboleth.idp.attribute.resolver.AbstractDataConnector</code>
   * Parser: <code>net.shibboleth.idp.attribute.resolver.spring.dc.AbstractDataConnectorParser</code>
   * Namespace Handler: <code>net.shibboleth.ext.spring.util.BaseSpringNamespaceHandler</code>

==== Namespace Schema das erweitert werden muss ====

   * Namespace Schema: <code>urn:mace:shibboleth:2.0:resolver</code>

Folgendes Beispiel implementiert das Attribut eduPersonTargetedId aus der Shibboleth Version 2.

====Data Connector Beispiel: TargetedId====

===Data connector Class===

<file java TargetedIdSampleDataConnector.java>
package org.example.shib_idp;
...
public class TargetedIdSampleDataConnector extends AbstractDataConnector {

   private static final Logger LOG = LoggerFactory.getLogger(TargetedIdSampleDataConnector.class);
   private final String salt = "A secret, random string.";
   private String relyingPartyId;

   @Override
   protected Map<String, IdPAttribute> doDataConnectorResolve( AttributeResolutionContext resolutionContext, 
   AttributeResolverWorkContext workContext) throws ResolutionException {
      // compute SHA-1 Hash for eduPersonTargetedId: entityId of requester + uid + "string ... "
      relyingPartyId = resolutionContext.getAttributeRecipientID();
      Map<String, IdPAttribute> result = new HashMap<String, IdPAttribute>();
      String username = resolutionContext.getPrincipal();

      IdPAttribute attribute = new IdPAttribute("eduPersonTargetedId");
      result.put("eduPersonTargetedId", attribute);
      List<IdPAttributeValue<?>> outputValues = new ArrayList<>(1);
                outputValues.add(new StringAttributeValue(getTargetedId(username)));
                attribute.setValues(outputValues);
      LOG.debug("Data connector added attribute: eduPersonTargetedId[" + getTargetedId(username) + "]");

      return result;
   }

   private String getTargetedId(final String source) throws ResolutionException{
        try {
            final MessageDigest md = MessageDigest.getInstance("SHA");
            md.update(relyingPartyId.getBytes());
            md.update((byte) '!');
            md.update(source.getBytes());
            md.update((byte) '!');

            return Base64Support.encode(md.digest(salt.getBytes()), Base64Support.UNCHUNKED);
        } catch (final NoSuchAlgorithmException e) {
            LOG.error("Digest algorithm SHA is not supported");
            throw new ResolutionException("Digest algorithm was not supported, unable to compute ID", e);
        }
   }
}
</file>

===Data Connector Parser===

<file java TargetedIdSampleDataConnectorParser.java>
package org.example.shib_idp;
...
public class TargetedIdSampleDataConnectorParser extends AbstractDataConnectorParser {

   public static final QName SCHEMA_NAME = new QName(TargetedIdSampleDataConnectorNamespaceHandler.NAMESPACE, "TargetedIdDataConnector");

     /** {@inheritDoc} */
    @Override protected Class<TargetedIdSampleDataConnector> getNativeBeanClass() {
        return TargetedIdSampleDataConnector.class;
    }

   @Override
   protected void doV2Parse(Element element, ParserContext parserContext,
         BeanDefinitionBuilder builder) {
      super.doParse(element, builder);      
   }
}
</file>

===Data Connector Namespace Handler===

<file java TargetedIdSampleDataConnectorNamespaceHandler.java>
package org.example.shib_idp;

import net.shibboleth.ext.spring.util.BaseSpringNamespaceHandler;

public class TargetedIdSampleDataConnectorNamespaceHandler extends BaseSpringNamespaceHandler {

    /** Namespace for this handler. */
    public static String NAMESPACE = "urn:example.org:shibboleth:2.0:resolver";
    
    /** {@inheritDoc} */
   @Override
   public void init() {
        registerBeanDefinitionParser(TargetedIdSampleDataConnectorParser.SCHEMA_NAME,
                new TargetedIdSampleDataConnectorParser());
   }
}
</file>

===Schema Erweiterung===

   * Die Schema Erweiterung muss im *.jar File unter schema/myConnectors.xsd liegen

<file xml schema/myConnectors.xsd>
<?xml version="1.0" encoding="UTF-8"?>
<schema targetNamespace="urn:example.org:shibboleth:2.0:resolver" 
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:resolver="urn:mace:shibboleth:2.0:resolver" 
        elementFormDefault="qualified">

    <import namespace="urn:mace:shibboleth:2.0:resolver"
        schemaLocation="classpath:/schema/shibboleth-2.0-attribute-resolver.xsd" />

    <complexType name="TargetedIdDataConnector">
        <annotation>
            <documentation>
               Resolving eduPersonTargetedId as in version 2.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="resolver:BaseDataConnectorType">
            </extension>
        </complexContent>
    </complexType>
</schema>
</file>

===Spring Schema File===

   * Das Schema File muss im *.jar File unter META-INF/spring.schemas liegen

<file properties META-INF/spring.schemas>
urn\:example.org\:shibboleth\:2.0\:resolver = schema/myConnectors.xsd
</file>

===Spring Handler File===

   * Das Handler File muss im *.jar File unter META-INF/spring.handlers liegen

<file properties META-INF/spring.handlers>
urn\:example.org\:shibboleth\:2.0\:resolver = org.example.shib_idp.TargetedIdSampleDataConnectorNamespaceHandler
</file>

===Plug-In installieren===

   * Aus den angegebenen Dateien ein *.jar file generieren (am besten mit mvn)
   * Dieses *.jar file in das lib Verzeichnis der Webapplication vom Shibboleth IdP kopieren.

===Data Connector im Attribute Resolver benutzen===

<file xml conf/attribute-resolver.xml>
 <resolver:AttributeResolver
          xmlns:resolver="urn:mace:shibboleth:2.0:resolver" 
          xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
          xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" 
          xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
          xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" 
          xmlns:sec="urn:mace:shibboleth:2.0:security"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
          xmlns:tid="urn:example.org:shibboleth:2.0:resolver"
          xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
                              urn:mace:shibboleth:2.0:resolver:pc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-pc.xsd
                              urn:mace:shibboleth:2.0:resolver:ad http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-ad.xsd
                              urn:mace:shibboleth:2.0:resolver:dc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-dc.xsd
                              urn:mace:shibboleth:2.0:attribute:encoder http://shibboleth.net/schema/idp/shibboleth-attribute-encoder.xsd
                              urn:example.org:shibboleth:2.0:resolver classpath:/schema/myConnectors.xsd
                              urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd">
...
<!-- TargetedId DataConnector -->
     <resolver:DataConnector id="myData" xsi:type="TargetedIdDataConnector" xmlns="urn:example.org:shibboleth:2.0:resolver">
     </resolver:DataConnector>
</file>

{{tag>archiv}}