de:attribute-resolver-example [2017/03/12 01:38] – angelegt Wolfgang Pempe | de:attribute-resolver-example [2020/05/11 16:12] (aktuell) – gelöscht Silke Meyer |
---|
| |
| |
<file xml ./conf/attribute-resolver.xml> | |
<?xml version="1.0" encoding="UTF-8"?> | |
<AttributeResolver | |
xmlns="urn:mace:shibboleth:2.0:resolver" | |
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd"> | |
| |
<!-- ========================================== --> | |
<!-- Attribute Definitions --> | |
<!-- ========================================== --> | |
| |
<!-- Attribute aus Userangaben --> | |
| |
<AttributeDefinition id="uid" xsi:type="PrincipalName"> | |
<DisplayName xml:lang="en">User Name</DisplayName> | |
<DisplayName xml:lang="de">Nutzerkennung</DisplayName> | |
<DisplayDescription xml:lang="en">Local User Id</DisplayDescription> | |
<DisplayDescription xml:lang="de">Nutzerkennung der Heimateinrichtung</DisplayDescription> | |
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" /> | |
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" /> | |
</AttributeDefinition> | |
| |
<AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="uid"> | |
<Dependency ref="uid" /> | |
<DisplayName xml:lang="en">Principal name</DisplayName> | |
<DisplayName xml:lang="de">Netz-Id</DisplayName> | |
<DisplayDescription xml:lang="en">A unique identifier for a person, mainly for inter-institutional user identification</DisplayDescription> | |
<DisplayDescription xml:lang="de">Eindeutige, einrichtungsübergreifende Nutzerkennung</DisplayDescription> | |
<AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" /> | |
<AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" /> | |
</AttributeDefinition> | |
| |
<!--- Attribute aus dem IdM --> | |
| |
<AttributeDefinition id="mail" xsi:type="Simple" sourceAttributeID="mail"> | |
<Dependency ref="myLDAP" /> | |
<DisplayName xml:lang="en">E-mail</DisplayName> | |
<DisplayName xml:lang="de">E-Mail</DisplayName> | |
<DisplayDescription xml:lang="en">E-Mail address</DisplayDescription> | |
<DisplayDescription xml:lang="de">E-Mail Adresse</DisplayDescription> | |
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" /> | |
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" /> | |
</AttributeDefinition> | |
| |
<AttributeDefinition id="surname" xsi:type="Simple" sourceAttributeID="sn"> | |
<Dependency ref="myLDAP" /> | |
<DisplayName xml:lang="en">Surname</DisplayName> | |
<DisplayName xml:lang="de">Nachname</DisplayName> | |
<DisplayDescription xml:lang="en">Surname or family name</DisplayDescription> | |
<DisplayDescription xml:lang="de">Familienname des Nutzers bzw. der Nutzerin</DisplayDescription> | |
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:sn" encodeType="false" /> | |
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" encodeType="false" /> | |
</AttributeDefinition> | |
| |
<AttributeDefinition id="givenName" xsi:type="Simple" sourceAttributeID="givenName"> | |
<Dependency ref="myLDAP" /> | |
<DisplayName xml:lang="en">Given name</DisplayName> | |
<DisplayName xml:lang="de">Vorname</DisplayName> | |
<DisplayDescription xml:lang="en">Given name of a person</DisplayDescription> | |
<DisplayDescription xml:lang="de">Vorname des Nutzers bzw. der Nutzerin</DisplayDescription> | |
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:givenName" encodeType="false" /> | |
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" encodeType="false" /> | |
</AttributeDefinition> | |
| |
| |
<!-- ========================================== --> | |
<!-- Data Connectors --> | |
<!-- ========================================== --> | |
| |
<DataConnector id="myLDAP" xsi:type="LDAPDirectory" | |
ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}" | |
baseDN="%{idp.attribute.resolver.LDAP.baseDN}" | |
principal="%{idp.attribute.resolver.LDAP.bindDN}" | |
principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}" | |
useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}" | |
connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}" | |
trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}" | |
responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"> | |
<FilterTemplate> | |
<![CDATA[ | |
%{idp.attribute.resolver.LDAP.searchFilter} | |
]]> | |
</FilterTemplate> | |
<ConnectionPool | |
minPoolSize="%{idp.pool.LDAP.minSize:3}" | |
maxPoolSize="%{idp.pool.LDAP.maxSize:10}" | |
blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}" | |
validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}" | |
validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}" | |
expirationTime="%{idp.pool.LDAP.idleTime:PT10M}" | |
failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" /> | |
</DataConnector> | |
| |
</AttributeResolver> | |
</file> | |