- ./conf/attribute-resolver.xml
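<?xml version="1.0" encoding="UTF-8"?>
<!--
  Shibboleth IdP attribute resolver (conf/attribute-resolver.xml).

  Declares the attributes this IdP can release (uid, eduPersonPrincipalName,
  mail, surname, givenName) and the single LDAP data connector ("myLDAP")
  that supplies the directory-backed ones.  Every connection detail is a
  %{...} property reference resolved from the IdP property files, so no
  hostname, bind DN or credential is stored in this file.

  The xsi:schemaLocation URL below is only a hint for editors/validators;
  do not let any tooling fetch it from the network at runtime.
-->
<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">

    <!-- ========================================== -->
    <!-- Attribute Definitions                      -->
    <!-- ========================================== -->

    <!-- Attributes derived from the authenticated principal name, not from the directory -->

    <!-- uid: the local login name as established by the authentication flow. -->
    <AttributeDefinition id="uid" xsi:type="PrincipalName">
        <DisplayName xml:lang="en">User Name</DisplayName>
        <DisplayName xml:lang="de">Nutzerkennung</DisplayName>
        <DisplayDescription xml:lang="en">Local User Id</DisplayDescription>
        <DisplayDescription xml:lang="de">Nutzerkennung der Heimateinrichtung</DisplayDescription>
        <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
    </AttributeDefinition>

    <!-- eduPersonPrincipalName: uid@scope.  The scope comes from the idp.scope
         property; NOTE(review): relying parties typically accept the scoped
         value only if the scope matches what is published in the IdP metadata,
         so keep idp.scope in sync with the metadata. -->
    <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="uid">
        <Dependency ref="uid" />
        <DisplayName xml:lang="en">Principal name</DisplayName>
        <DisplayName xml:lang="de">Netz-Id</DisplayName>
        <DisplayDescription xml:lang="en">A unique identifier for a person, mainly for inter-institutional user identification</DisplayDescription>
        <DisplayDescription xml:lang="de">Eindeutige, einrichtungsübergreifende Nutzerkennung</DisplayDescription>
        <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
    </AttributeDefinition>

    <!-- Attributes read from the identity management directory via the myLDAP connector -->

    <AttributeDefinition id="mail" xsi:type="Simple" sourceAttributeID="mail">
        <Dependency ref="myLDAP" />
        <DisplayName xml:lang="en">E-mail</DisplayName>
        <DisplayName xml:lang="de">E-Mail</DisplayName>
        <DisplayDescription xml:lang="en">E-Mail address</DisplayDescription>
        <DisplayDescription xml:lang="de">E-Mail Adresse</DisplayDescription>
        <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
    </AttributeDefinition>

    <!-- Internal id "surname" maps the LDAP attribute "sn"; the encoders still
         emit the standard sn name/OID on the wire. -->
    <AttributeDefinition id="surname" xsi:type="Simple" sourceAttributeID="sn">
        <Dependency ref="myLDAP" />
        <DisplayName xml:lang="en">Surname</DisplayName>
        <DisplayName xml:lang="de">Nachname</DisplayName>
        <DisplayDescription xml:lang="en">Surname or family name</DisplayDescription>
        <DisplayDescription xml:lang="de">Familienname des Nutzers bzw. der Nutzerin</DisplayDescription>
        <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:sn" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" encodeType="false" />
    </AttributeDefinition>

    <AttributeDefinition id="givenName" xsi:type="Simple" sourceAttributeID="givenName">
        <Dependency ref="myLDAP" />
        <DisplayName xml:lang="en">Given name</DisplayName>
        <DisplayName xml:lang="de">Vorname</DisplayName>
        <DisplayDescription xml:lang="en">Given name of a person</DisplayDescription>
        <DisplayDescription xml:lang="de">Vorname des Nutzers bzw. der Nutzerin</DisplayDescription>
        <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:givenName" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" encodeType="false" />
    </AttributeDefinition>

    <!-- ========================================== -->
    <!-- Data Connectors                            -->
    <!-- ========================================== -->

    <!-- myLDAP: directory lookup for the attributes above.
         - URL, base DN, bind DN and bind credential come from properties
           (idp.attribute.resolver.LDAP.*); keep the credential out of this file.
         - useStartTLS defaults to true and trustFile pins the accepted server
           certificate(s), so the bind credential is not sent in the clear. -->
    <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
                   ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
                   baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
                   principal="%{idp.attribute.resolver.LDAP.bindDN}"
                   principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
                   useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
                   connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
                   trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
                   responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
        <!-- The search filter text itself lives in the property file. -->
        <FilterTemplate>
            <![CDATA[
                %{idp.attribute.resolver.LDAP.searchFilter}
            ]]>
        </FilterTemplate>
        <!-- Data minimisation: request only the directory attributes the
             definitions above consume (mail, sn, givenName) rather than the
             whole entry.  Extend this list when a new Simple definition with
             a sourceAttributeID is added. -->
        <ReturnAttributes>mail sn givenName</ReturnAttributes>
        <!-- Pool limits and validation intervals; all overridable via idp.pool.LDAP.* -->
        <ConnectionPool minPoolSize="%{idp.pool.LDAP.minSize:3}"
                        maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
                        blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
                        validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
                        validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
                        expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"
                        failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
    </DataConnector>

</AttributeResolver>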