Um für den Shibboleth Identity Provider der Version 3 einen Datenkonnektor selbst zu schreiben, müssen bestimmte Klassen erweitert und ein eigener XML-Namespace (mit Schema und Spring-Namespace-Handler) definiert werden.
net.shibboleth.idp.attribute.resolver.AbstractDataConnector
net.shibboleth.idp.attribute.resolver.spring.dc.AbstractDataConnectorParser
net.shibboleth.ext.spring.util.BaseSpringNamespaceHandler
urn:mace:shibboleth:2.0:resolver
Folgendes Beispiel implementiert das Attribut eduPersonTargetedId so, wie es in Shibboleth Version 2 berechnet wurde (Base64 des SHA-1-Hashes über Entity-ID des Relying Party, Benutzername und einen geheimen Salt). Der im Beispielcode eingetragene Salt ist nur ein Platzhalter: im Betrieb muss ein langer, zufällig erzeugter und geheim gehaltener Wert verwendet werden, der nicht in die Quellcodeverwaltung gehört und mit dem Salt der bisherigen Version-2-Installation übereinstimmen muss, damit die bereits ausgegebenen Kennungen erhalten bleiben.
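package org.example.shib_idp;
// ... (imports elided in the original listing)

/**
 * Sample data connector for the Shibboleth IdP v3 that recomputes
 * eduPersonTargetedId the way the IdP v2 did:
 * Base64( SHA-1( relyingPartyId + "!" + principal + "!" + salt ) ).
 *
 * <p>The digest is deliberately left at SHA-1 ("SHA" is the JCA alias). The
 * value is a persistent identifier: changing the algorithm, the salt or the
 * byte layout changes every ID ever issued to relying parties. Keep all three
 * identical to the v2 deployment if identifier continuity is required.
 *
 * <p>A data connector bean is shared by all concurrent attribute resolutions,
 * so this class keeps no per-request state. The original stored the relying
 * party ID in an instance field between {@code doDataConnectorResolve} and
 * {@code getTargetedId}; two concurrent requests could overwrite it and one SP
 * would receive the identifier computed for another. It is now passed as a
 * parameter.
 */
public class TargetedIdSampleDataConnector extends AbstractDataConnector {

    private static final Logger LOG = LoggerFactory.getLogger(TargetedIdSampleDataConnector.class);

    /** ID of the single attribute this connector produces. */
    private static final String ATTRIBUTE_ID = "eduPersonTargetedId";

    /**
     * Secret salt folded into the hash. This value is a placeholder for the
     * sample only: a real deployment must use a long, randomly generated
     * secret that is not checked into source control and that equals the salt
     * of the v2 connector being replaced. Anyone who knows the salt can test
     * whether a given targeted ID belongs to a guessed username.
     */
    private static final String SALT = "A secret, random string.";

    /**
     * Resolves eduPersonTargetedId for the principal in {@code resolutionContext}.
     *
     * @param resolutionContext supplies the principal name and the attribute
     *        recipient (relying party) entity ID
     * @param workContext not used by this connector
     * @return a single-entry map from {@code "eduPersonTargetedId"} to the computed attribute
     * @throws ResolutionException if the principal or relying party ID is missing
     *         or the SHA digest is not available
     */
    @Override
    protected Map<String, IdPAttribute> doDataConnectorResolve(
            AttributeResolutionContext resolutionContext,
            AttributeResolverWorkContext workContext) throws ResolutionException {
        final String relyingPartyId = resolutionContext.getAttributeRecipientID();
        final String username = resolutionContext.getPrincipal();

        // Hash once; the original recomputed it a second time just for the log line.
        final String targetedId = getTargetedId(relyingPartyId, username);

        final IdPAttribute attribute = new IdPAttribute(ATTRIBUTE_ID);
        final List<IdPAttributeValue<?>> outputValues = new ArrayList<>(1);
        outputValues.add(new StringAttributeValue(targetedId));
        attribute.setValues(outputValues);

        LOG.debug("Data connector added attribute: {}[{}]", ATTRIBUTE_ID, targetedId);

        final Map<String, IdPAttribute> result = new HashMap<>();
        result.put(ATTRIBUTE_ID, attribute);
        return result;
    }

    /**
     * Computes Base64(SHA-1(relyingPartyId + "!" + source + "!" + SALT)), the
     * byte layout of the IdP v2 computed ID.
     *
     * @param relyingPartyId entity ID of the requesting relying party
     * @param source the principal name being pseudonymised
     * @return the unchunked Base64 encoding of the digest
     * @throws ResolutionException if an input is missing or the digest algorithm is unavailable
     */
    private String getTargetedId(final String relyingPartyId, final String source)
            throws ResolutionException {
        // The original dereferenced both unchecked and would fail with a NullPointerException.
        if (relyingPartyId == null || source == null) {
            throw new ResolutionException(
                    "Relying party ID and principal are required to compute eduPersonTargetedId");
        }
        try {
            // "SHA" == SHA-1; kept on purpose for v2 compatibility, see class javadoc.
            final MessageDigest md = MessageDigest.getInstance("SHA");
            // Pin the encoding so the ID does not depend on the JVM default charset.
            // v2 used the platform default; this only differs for non-ASCII input on a non-UTF-8 JVM.
            final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
            md.update(relyingPartyId.getBytes(utf8));
            md.update((byte) '!');
            md.update(source.getBytes(utf8));
            md.update((byte) '!');
            return Base64Support.encode(md.digest(SALT.getBytes(utf8)), Base64Support.UNCHUNKED);
        } catch (final NoSuchAlgorithmException e) {
            LOG.error("Digest algorithm SHA is not supported");
            throw new ResolutionException("Digest algorithm was not supported, unable to compute ID", e);
        }
    }
}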
package org.example.shib_idp;
// ... (imports elided in the original listing)

/**
 * Spring bean-definition parser for the {@code TargetedIdDataConnector} element of the
 * {@code urn:example.org:shibboleth:2.0:resolver} namespace. It maps that element to a
 * {@link TargetedIdSampleDataConnector} bean. The element declares no attributes of its own
 * (see the XSD), so no extra parsing happens here.
 */
public class TargetedIdSampleDataConnectorParser extends AbstractDataConnectorParser {

    /**
     * Qualified name of the element handled by this parser. The local part has to match the
     * complexType name in the schema and the {@code xsi:type} used in attribute-resolver.xml.
     */
    public static final QName SCHEMA_NAME =
            new QName(TargetedIdSampleDataConnectorNamespaceHandler.NAMESPACE, "TargetedIdDataConnector");

    /** {@inheritDoc} */
    @Override
    protected Class<TargetedIdSampleDataConnector> getNativeBeanClass() {
        return TargetedIdSampleDataConnector.class;
    }

    /** {@inheritDoc} */
    @Override
    protected void doV2Parse(final Element element, final ParserContext parserContext,
            final BeanDefinitionBuilder builder) {
        // Hands the element to the inherited two-argument doParse, exactly as before.
        super.doParse(element, builder);
    }
}
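package org.example.shib_idp;

import net.shibboleth.ext.spring.util.BaseSpringNamespaceHandler;

/**
 * Spring namespace handler that wires the {@code urn:example.org:shibboleth:2.0:resolver}
 * namespace to {@link TargetedIdSampleDataConnectorParser}. It is located through the
 * {@code META-INF/spring.handlers} mapping shown below the listing.
 */
public class TargetedIdSampleDataConnectorNamespaceHandler extends BaseSpringNamespaceHandler {

    /**
     * Namespace for this handler. Declared {@code final}: the original left it a mutable
     * public static, which any class on the classpath could reassign at runtime and thereby
     * break the element-to-parser mapping. The value must equal the schema's targetNamespace
     * and the keys in spring.schemas / spring.handlers.
     */
    public static final String NAMESPACE = "urn:example.org:shibboleth:2.0:resolver";

    /** {@inheritDoc} */
    @Override
    public void init() {
        registerBeanDefinitionParser(TargetedIdSampleDataConnectorParser.SCHEMA_NAME,
                new TargetedIdSampleDataConnectorParser());
    }
}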
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Schema for the custom data-connector namespace (myConnectors.xsd).
  The targetNamespace must equal TargetedIdSampleDataConnectorNamespaceHandler.NAMESPACE,
  and the complexType name must equal the local part of
  TargetedIdSampleDataConnectorParser.SCHEMA_NAME, otherwise the
  <TargetedIdDataConnector> element in attribute-resolver.xml cannot be mapped to the parser.
-->
<schema targetNamespace="urn:example.org:shibboleth:2.0:resolver"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
        elementFormDefault="qualified">

    <!-- The IdP's own resolver schema provides the base type extended below. -->
    <import namespace="urn:mace:shibboleth:2.0:resolver"
            schemaLocation="classpath:/schema/shibboleth-2.0-attribute-resolver.xsd" />

    <complexType name="TargetedIdDataConnector">
        <annotation>
            <documentation>
                Resolving eduPersonTargetedId as in version 2.
            </documentation>
        </annotation>
        <complexContent>
            <!-- No attributes are added here, so the hash salt cannot be set from XML in this sample;
                 it is hard-coded in TargetedIdSampleDataConnector. -->
            <extension base="resolver:BaseDataConnectorType">
            </extension>
        </complexContent>
    </complexType>
</schema>
urn\:example.org\:shibboleth\:2.0\:resolver = schema/myConnectors.xsd
urn\:example.org\:shibboleth\:2.0\:resolver = org.example.shib_idp.TargetedIdSampleDataConnectorNamespaceHandler
<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver" xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc" xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc" xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" xmlns:sec="urn:mace:shibboleth:2.0:security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tid="urn:example.org:shibboleth:2.0:resolver" xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd urn:mace:shibboleth:2.0:resolver:pc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-pc.xsd urn:mace:shibboleth:2.0:resolver:ad http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-ad.xsd urn:mace:shibboleth:2.0:resolver:dc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-dc.xsd urn:mace:shibboleth:2.0:attribute:encoder http://shibboleth.net/schema/idp/shibboleth-attribute-encoder.xsd urn:example.org:shibboleth:2.0:resolver classpath:/schema/myConnectors.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd"> ... <!-- TargetedId DataConnector --> <resolver:DataConnector id="myData" xsi:type="TargetedIdDataConnector" xmlns="urn:example.org:shibboleth:2.0:resolver"> </resolver:DataConnector>