The default language to write ScriptedAttributeDefinition is EcmaScript, but it's easy to switch to groovy.
First of all download latest groovy, unzip it, locate the groovy-x.x.x.jar and groovy-jsr223-x.x.x.jar and copy the in the webapp/WEB-INF/lib/ dir of the unpacked shibboleth-idp source. Install again shibboleth-idp.
As proof of concept, just rewrite the "email" attribute definition which is, in the distribution attribute-resolver.xml, a template attribute.
Modify attribute-resolver.xml to include:
The included script file is:
Copy it in the $IDP_HOME/script/ directory
In order to test it, just add: <logger name="org.example.idp.scripted.groovy" level="DEBUG"/> to logback.xml, be sure to reload both attribute-resolver (./bin/reload-service.sh -id shibboleth.AttributeResolverService) and logger (./bin/reload-service.sh -id shibboleth.LoggingService), and run a aacli call.
DEBUG [org.example.idp.scripted.groovy.email:13] - value: [a_user@example.org]
No comments:
Post a Comment