This is an old revision of the document!


Data Connector

To write a custom data connector for the Shibboleth Identity Provider version 3, certain classes have to be extended and custom namespaces have to be created.

  • the data connector class itself:
    net.shibboleth.idp.attribute.resolver.AbstractDataConnector
  • the parser:
    net.shibboleth.idp.attribute.resolver.spring.dc.AbstractDataConnectorParser
  • the namespace handler:
    net.shibboleth.ext.spring.util.BaseSpringNamespaceHandler
  • namespace schema:
    urn:mace:shibboleth:2.0:resolver

The following example implements the attribute eduPersonTargetedId from Shibboleth version 2.

Data Connector Example: TargetedId

Data connector Class
TargetedIdSampleDataConnector.java
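package org.example.shib_idp;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.IdPAttributeValue;
import net.shibboleth.idp.attribute.StringAttributeValue;
import net.shibboleth.idp.attribute.resolver.AbstractDataConnector;
import net.shibboleth.idp.attribute.resolver.ResolutionException;
import net.shibboleth.idp.attribute.resolver.context.AttributeResolutionContext;
import net.shibboleth.idp.attribute.resolver.context.AttributeResolverWorkContext;
import net.shibboleth.utilities.java.support.codec.Base64Support;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class TargetedIdSampleDataConnector extends AbstractDataConnector {
 
   private static final Logger LOG = LoggerFactory.getLogger(TargetedIdSampleDataConnector.class);
   // Secret salt mixed into every hash (placeholder value from this example)
   private final String salt = "A secret, random string.";
 
   @Override
   protected Map<String, IdPAttribute> doDataConnectorResolve(AttributeResolutionContext resolutionContext,
         AttributeResolverWorkContext workContext) throws ResolutionException {
      // compute SHA-1 Hash for eduPersonTargetedId: entityId of requester + uid + "string ... "
      // The relying party ID is kept in a local variable: the connector instance is shared
      // between concurrent requests, so a field could be overwritten by another request.
      final String relyingPartyId = resolutionContext.getAttributeRecipientID();
      final String username = resolutionContext.getPrincipal();
      final String targetedId = getTargetedId(relyingPartyId, username);
 
      // Build the attribute with a single string value
      Map<String, IdPAttribute> result = new HashMap<String, IdPAttribute>();
      IdPAttribute attribute = new IdPAttribute("eduPersonTargetedId");
      List<IdPAttributeValue<?>> outputValues = new ArrayList<>(1);
      outputValues.add(new StringAttributeValue(targetedId));
      attribute.setValues(outputValues);
      result.put("eduPersonTargetedId", attribute);
      LOG.debug("Data connector added attribute: eduPersonTargetedId[{}]", targetedId);
 
      return result;
   }
 
   // Hash of relyingPartyId + '!' + source + '!' + salt, Base64 encoded without line breaks
   private String getTargetedId(final String relyingPartyId, final String source) throws ResolutionException {
        try {
            // "SHA" is the JCA alias for SHA-1
            final MessageDigest md = MessageDigest.getInstance("SHA");
            md.update(relyingPartyId.getBytes(StandardCharsets.UTF_8));
            md.update((byte) '!');
            md.update(source.getBytes(StandardCharsets.UTF_8));
            md.update((byte) '!');
 
            return Base64Support.encode(md.digest(salt.getBytes(StandardCharsets.UTF_8)), Base64Support.UNCHUNKED);
        } catch (final NoSuchAlgorithmException e) {
            LOG.error("Digest algorithm SHA is not supported");
            throw new ResolutionException("Digest algorithm was not supported, unable to compute ID", e);
        }
   }
}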
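
The hash derivation used by the connector, reproduced outside the IdP so its properties can be checked: this is an added example, not part of the original page or of Shibboleth. The class name TargetedIdDemo, the entity IDs and the user name are constructed, and java.util.Base64 is used here in place of Base64Support.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class TargetedIdDemo {

    // Constructed sample salt (same placeholder string as in the connector above).
    private static final String SALT = "A secret, random string.";

    // Same derivation as the connector: SHA-1(entityID '!' username '!' salt), Base64 without line breaks.
    // withDelimiter=false leaves out the '!' bytes to show what they protect against.
    static String targetedId(String relyingPartyId, String username, boolean withDelimiter)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA"); // "SHA" is the JCA alias for SHA-1
        md.update(relyingPartyId.getBytes(StandardCharsets.UTF_8));
        if (withDelimiter) md.update((byte) '!');
        md.update(username.getBytes(StandardCharsets.UTF_8));
        if (withDelimiter) md.update((byte) '!');
        return Base64.getEncoder().encodeToString(md.digest(SALT.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed entity IDs of two service providers.
        String spA = "https://sp-a.example.org/shibboleth";
        String spB = "https://sp-b.example.org/shibboleth";

        // Stable: the same user at the same SP always receives the same value.
        System.out.println("stable for one SP:    "
                + targetedId(spA, "alice", true).equals(targetedId(spA, "alice", true)));

        // Targeted: the value differs per SP, so two SPs cannot correlate a user by comparing IDs.
        System.out.println("differs between SPs:  "
                + !targetedId(spA, "alice", true).equals(targetedId(spB, "alice", true)));

        // Without '!', ("sp", "1alice") and ("sp1", "alice") feed identical bytes to the digest.
        System.out.println("collision without '!': "
                + targetedId("sp", "1alice", false).equals(targetedId("sp1", "alice", false)));
        System.out.println("collision with '!':    "
                + targetedId("sp", "1alice", true).equals(targetedId("sp1", "alice", true)));
    }
}
```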
  • Last modified: 4 years ago