Using Shibboleth, is it possible to configure attribute-resolver.xml to set and release an attribute based on the existence of multiple LDAP attributes? For example, I want to release an "email" attribute to the service provider: if LDAP has an attribute and value for "email_2" then use that value ... otherwise use the value in LDAP attribute "email".
I got it hashed out using an embedded script:
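<resolver:AttributeDefinition id="setEmail" xsi:type="ad:Script" dependencyOnly="true">
    <resolver:Dependency ref="myLDAP" />
    <ad:Script><![CDATA[
        importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);

        // Attribute this definition produces.
        setEmail = new BasicAttribute("setEmail");

        // Prefer alt_email when LDAP returned it with at least one value.
        if (typeof alt_email != "undefined" && alt_email != null && alt_email.getValues().size() > 0) {
            setEmail.getValues().add(alt_email.getValues().get(0));
        }
        // Otherwise fall back to email, if it resolved with a value.
        else if (typeof email != "undefined" && email != null && email.getValues().size() > 0) {
            setEmail.getValues().add(email.getValues().get(0));
        }
    ]]></ad:Script>
</resolver:AttributeDefinition>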

Micho Rizo
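Added example, not part of the answer above and not Shibboleth code: the same fallback logic pulled into plain JavaScript so the edge cases (attribute missing, attribute present but empty or blank, neither present) can be checked under Node before the script goes into attribute-resolver.xml. `makeAttribute` is a constructed stand-in for `BasicAttribute` that mimics only `getValues()` with `add`/`get`/`size`; the addresses used with it are constructed sample values.

```javascript
// Constructed stand-in for the IdP's BasicAttribute: only the methods the
// resolver script calls (getValues() returning a list with add/get/size).
function makeAttribute(id, values) {
  const list = (values || []).slice();
  const javaList = {
    add: (v) => { list.push(v); return true; },
    get: (i) => {
      if (i < 0 || i >= list.length) throw new RangeError("IndexOutOfBounds: " + i);
      return list[i];
    },
    size: () => list.length,
  };
  return { getId: () => id, getValues: () => javaList };
}

// True only when the dependency resolved and its first value is non-blank.
function hasUsableValue(attr) {
  if (typeof attr === "undefined" || attr === null) return false;
  const vals = attr.getValues();
  return vals.size() > 0 && String(vals.get(0)).trim() !== "";
}

// Fallback logic of the resolver script: prefer alt_email, else email.
// `scope` plays the role of the variables the IdP injects from the
// dependency; the result has zero values when neither source is usable.
function resolveSetEmail(scope) {
  const out = makeAttribute("setEmail", []);
  if (hasUsableValue(scope.alt_email)) {
    out.getValues().add(scope.alt_email.getValues().get(0));
  } else if (hasUsableValue(scope.email)) {
    out.getValues().add(scope.email.getValues().get(0));
  }
  return out;
}

// Convenience wrapper: the single value that would be set, or null.
function releasedValue(scope) {
  const vals = resolveSetEmail(scope).getValues();
  return vals.size() > 0 ? vals.get(0) : null;
}
```

An attribute that comes back with zero values is the case to watch in the resolver script itself, since calling `get(0)` on an empty value list throws instead of falling back.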