The default language to write ScriptedAttributeDefinition is EcmaScript, but it's easy to switch to groovy.
First of all download latest groovy, unzip it, locate the groovy-x.x.x.jar and groovy-jsr223-x.x.x.jar and copy the in the webapp/WEB-INF/lib/ dir of the unpacked shibboleth-idp source. Install again shibboleth-idp.
As proof of concept, just rewrite the "email" attribute definition which is, in the distribution attribute-resolver.xml, a template attribute.
Modify attribute-resolver.xml to include:
| <resolver:AttributeDefinition id="email" xsi:type="Script" language="groovy" xmlns="urn:mace:shibboleth:2.0:resolver:ad" > | |
| <resolver:Dependency ref="uid" /> | |
| <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" /> | |
| <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" /> | |
| <ScriptFile>%{idp.home}/script/mail.groovy</ScriptFile> | |
| </resolver:AttributeDefinition> |
The included script file is:
| import org.slf4j.* | |
| import net.shibboleth.idp.attribute.* | |
| logger = LoggerFactory.getLogger("org.example.idp.scripted.groovy.email") | |
| values = [] | |
| if ( uid && ! uid.getValues().empty ) | |
| { | |
| uid.getValues().each() { values.add "${it}@example.org" } | |
| } | |
| logger.debug("value: {}", values) | |
| values.each() { email.addValue it.toString() } |
Copy it in the $IDP_HOME/script/ directory
In order to test it, just add: <logger name="org.example.idp.scripted.groovy" level="DEBUG"/> to logback.xml, be sure to reload both attribute-resolver (./bin/reload-service.sh -id shibboleth.AttributeResolverService) and logger (./bin/reload-service.sh -id shibboleth.LoggingService), and run a aacli call.
DEBUG [org.example.idp.scripted.groovy.email:13] - value: [a_user@example.org]