Unterschiede

de:shibidp:config-custom-data-connector [2021/05/03 15:32] – ↷ Seite von de:shibidp3extdataconnector nach de:shibidp:config-custom-data-connector verschoben und umbenannt Silke Meyer
de:shibidp:config-custom-data-connector [2025/05/28 09:28] (aktuell) – veralteten Text für IdPv3 gelöscht Doreen Liebenau
Zeile 1: Zeile 1:
-======Data Connector====== 
  
-<callout color="#ff9900" title="Archiv"> 
-Dieser Artikel ist ein Community-Beitrag für Shibboleth IdP 3.x. Es ist unklar, ob er für Shibboleth IdP 4.x so noch gilt. 
-</callout> 
- 
-Um für den Shibboleth Identity Provider der Version 3 einen Datenkonnektor selbst zu schreiben, müssen bestimmte Klassen erweitert werden und eigne Namespaces erzeugt werden. 
- 
-===== Zu erweiternde Klassen ===== 
- 
-   * Data Connector Klasse: <code>net.shibboleth.idp.attribute.resolver.AbstractDataConnector</code> 
-   * Parser: <code>net.shibboleth.idp.attribute.resolver.spring.dc.AbstractDataConnectorParser</code> 
-   * Namespace Handler: <code>net.shibboleth.ext.spring.util.BaseSpringNamespaceHandler</code> 
- 
-==== Namespace Schema das erweitert werden muss ==== 
- 
-   * Namespace Schema: <code>urn:mace:shibboleth:2.0:resolver</code> 
- 
-Folgendes Beispiel implementiert das Attribut eduPersonTargetedId aus der Shibboleth Version 2. 
- 
-====Data Connector Beispiel: TargetedId==== 
- 
-===Data connector Class=== 
- 
-<file java TargetedIdSampleDataConnector.java> 
-package org.example.shib_idp; 
-... 
-public class TargetedIdSampleDataConnector extends AbstractDataConnector { 
- 
-   private static final Logger LOG = LoggerFactory.getLogger(TargetedIdSampleDataConnector.class); 
-   private final String salt = "A secret, random string."; 
-   private String relyingPartyId; 
- 
-   @Override 
-   protected Map<String, IdPAttribute> doDataConnectorResolve( AttributeResolutionContext resolutionContext,  
-   AttributeResolverWorkContext workContext) throws ResolutionException { 
-      // compute SHA-1 Hash for eduPersonTargetedId: entityId of requester + uid + "string ... " 
-      relyingPartyId = resolutionContext.getAttributeRecipientID(); 
-      Map<String, IdPAttribute> result = new HashMap<String, IdPAttribute>(); 
-      String username = resolutionContext.getPrincipal(); 
- 
-      IdPAttribute attribute = new IdPAttribute("eduPersonTargetedId"); 
-      result.put("eduPersonTargetedId", attribute); 
-      List<IdPAttributeValue<?>> outputValues = new ArrayList<>(1); 
-                outputValues.add(new StringAttributeValue(getTargetedId(username))); 
-                attribute.setValues(outputValues); 
-      LOG.debug("Data connector added attribute: eduPersonTargetedId[" + getTargetedId(username) + "]"); 
- 
-      return result; 
-   } 
- 
-   private String getTargetedId(final String source) throws ResolutionException{ 
-        try { 
-            final MessageDigest md = MessageDigest.getInstance("SHA"); 
-            md.update(relyingPartyId.getBytes()); 
-            md.update((byte) '!'); 
-            md.update(source.getBytes()); 
-            md.update((byte) '!'); 
- 
-            return Base64Support.encode(md.digest(salt.getBytes()), Base64Support.UNCHUNKED); 
-        } catch (final NoSuchAlgorithmException e) { 
-            LOG.error("Digest algorithm SHA is not supported"); 
-            throw new ResolutionException("Digest algorithm was not supported, unable to compute ID", e); 
-        } 
-   } 
-} 
-</file> 
- 
-===Data Connector Parser=== 
- 
-<file java TargetedIdSampleDataConnectorParser.java> 
-package org.example.shib_idp; 
-... 
-public class TargetedIdSampleDataConnectorParser extends AbstractDataConnectorParser { 
- 
-   public static final QName SCHEMA_NAME = new QName(TargetedIdSampleDataConnectorNamespaceHandler.NAMESPACE, "TargetedIdDataConnector"); 
- 
-     /** {@inheritDoc} */ 
-    @Override protected Class<TargetedIdSampleDataConnector> getNativeBeanClass() { 
-        return TargetedIdSampleDataConnector.class; 
-    } 
- 
-   @Override 
-   protected void doV2Parse(Element element, ParserContext parserContext, 
-         BeanDefinitionBuilder builder) { 
-      super.doParse(element, builder);       
-   } 
-} 
-</file> 
- 
-===Data Connector Namespace Handler=== 
- 
-<file java TargetedIdSampleDataConnectorNamespaceHandler.java> 
-package org.example.shib_idp; 
- 
-import net.shibboleth.ext.spring.util.BaseSpringNamespaceHandler; 
- 
-public class TargetedIdSampleDataConnectorNamespaceHandler extends BaseSpringNamespaceHandler { 
- 
-    /** Namespace for this handler. */ 
-    public static String NAMESPACE = "urn:example.org:shibboleth:2.0:resolver"; 
-     
-    /** {@inheritDoc} */ 
-   @Override 
-   public void init() { 
-        registerBeanDefinitionParser(TargetedIdSampleDataConnectorParser.SCHEMA_NAME, 
-                new TargetedIdSampleDataConnectorParser()); 
-   } 
-} 
-</file> 
- 
-===Schema Erweiterung=== 
- 
-   * Die Schema Erweiterung muss im *.jar File unter schema/myConnectors.xsd liegen 
- 
-<file xml schema/myConnectors.xsd> 
-<?xml version="1.0" encoding="UTF-8"?> 
-<schema targetNamespace="urn:example.org:shibboleth:2.0:resolver"  
-        xmlns="http://www.w3.org/2001/XMLSchema" 
-        xmlns:resolver="urn:mace:shibboleth:2.0:resolver"  
-        elementFormDefault="qualified"> 
- 
-    <import namespace="urn:mace:shibboleth:2.0:resolver" 
-        schemaLocation="classpath:/schema/shibboleth-2.0-attribute-resolver.xsd" /> 
- 
-    <complexType name="TargetedIdDataConnector"> 
-        <annotation> 
-            <documentation> 
-               Resolving eduPersonTargetedId as in version 2. 
-            </documentation> 
-        </annotation> 
-        <complexContent> 
-            <extension base="resolver:BaseDataConnectorType"> 
-            </extension> 
-        </complexContent> 
-    </complexType> 
-</schema> 
-</file> 
- 
-===Spring Schema File=== 
- 
-   * Das Schema File muss im *.jar File unter META-INF/spring.schemas liegen 
- 
-<file properties META-INF/spring.schemas> 
-urn\:example.org\:shibboleth\:2.0\:resolver = schema/myConnectors.xsd 
-</file> 
- 
-===Spring Handler File=== 
- 
-   * Das Handler File muss im *.jar File unter META-INF/spring.handlers liegen 
- 
-<file properties META-INF/spring.handlers> 
-urn\:example.org\:shibboleth\:2.0\:resolver = org.example.shib_idp.TargetedIdSampleDataConnectorNamespaceHandler 
-</file> 
- 
-===Plug-In installieren=== 
- 
-   * Aus den angegebenen Dateien ein *.jar file generieren (am besten mit mvn) 
-   * Dieses *.jar file in das lib Verzeichnis der Webapplication vom Shibboleth IdP kopieren. 
- 
-===Data Connector im Attribute Resolver benutzen=== 
- 
-<file xml conf/attribute-resolver.xml> 
- <resolver:AttributeResolver 
-          xmlns:resolver="urn:mace:shibboleth:2.0:resolver"  
-          xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc" 
-          xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"  
-          xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc" 
-          xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder"  
-          xmlns:sec="urn:mace:shibboleth:2.0:security" 
-          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
-          xmlns:tid="urn:example.org:shibboleth:2.0:resolver" 
-          xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd 
-                              urn:mace:shibboleth:2.0:resolver:pc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-pc.xsd 
-                              urn:mace:shibboleth:2.0:resolver:ad http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-ad.xsd 
-                              urn:mace:shibboleth:2.0:resolver:dc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-dc.xsd 
-                              urn:mace:shibboleth:2.0:attribute:encoder http://shibboleth.net/schema/idp/shibboleth-attribute-encoder.xsd 
-                              urn:example.org:shibboleth:2.0:resolver classpath:/schema/myConnectors.xsd 
-                              urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd"> 
-... 
-<!-- TargetedId DataConnector --> 
-     <resolver:DataConnector id="myData" xsi:type="TargetedIdDataConnector" xmlns="urn:example.org:shibboleth:2.0:resolver"> 
-     </resolver:DataConnector> 
-</file> 
- 
-{{tag>archiv}} 