Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Loading status checks…
Prevent doubled attribute release values
@credman
credman committed Sep 6, 2023
1 parent 8731369 commit 50f4fb8
Showing 2 changed files with 13 additions and 113 deletions.
2 changes: 1 addition & 1 deletion base/container_files/shibboleth-idp/conf/attribute-filter.xml
View file
@@ -53,7 +53,7 @@
<PermitValueRule xsi:type="ANY" />
</AttributeRule>

<AttributeRule attributeID="surname">
<AttributeRule attributeID="sn">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>

124 changes: 12 additions & 112 deletions base/container_files/shibboleth-idp/conf/attribute-resolver.xml
View file
@@ -23,248 +23,153 @@
<!-- ========================================== -->

<!-- Schema: Core schema attributes-->
<AttributeDefinition id="cn" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="cn"/>
</AttributeDefinition>

<AttributeDefinition id="uid" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="uid"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="mail" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="mail"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="homePhone" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="homePhone"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:homePhone" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.20" friendlyName="homePhone" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="homePostalAddress" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="homePostalAddress"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:homePostalAddress" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.39" friendlyName="homePostalAddress" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="mobileNumber" xsi:type="Simple">
<AttributeDefinition id="mobile" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="mobile"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mobile" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.41" friendlyName="mobile" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="pagerNumber" xsi:type="Simple">
<AttributeDefinition id="pager" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="pager"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:pager" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.42" friendlyName="pager" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="surname" xsi:type="Simple">
<AttributeDefinition id="sn" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="sn"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:sn" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="locality" xsi:type="Simple">
<AttributeDefinition id="l" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="l"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:l" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.7" friendlyName="l" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="stateProvince" xsi:type="Simple">
<AttributeDefinition id="st" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="st"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:st" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.8" friendlyName="st" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="street" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="street"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:street" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.9" friendlyName="street" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="organizationName" xsi:type="Simple">
<AttributeDefinition id="o" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="o"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:o" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.10" friendlyName="o" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="organizationalUnit" xsi:type="Simple">
<AttributeDefinition id="ou" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="ou"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:ou" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.11" friendlyName="ou" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="title" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="title"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:title" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.12" friendlyName="title" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="postalAddress" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="postalAddress"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postalAddress" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.16" friendlyName="postalAddress" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="postalCode" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="postalCode"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postalCode" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.17" friendlyName="postalCode" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="postOfficeBox" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="postOfficeBox"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postOfficeBox" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.18" friendlyName="postOfficeBox" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="telephoneNumber" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="telephoneNumber"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:telephoneNumber" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.20" friendlyName="telephoneNumber" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="givenName" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="givenName"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:givenName" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="initials" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="initials"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:initials" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.43" friendlyName="initials" encodeType="false" />
</AttributeDefinition>


<!-- Schema: inetOrgPerson attributes-->

<AttributeDefinition id="departmentNumber" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="departmentNumber"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:departmentNumber" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.2" friendlyName="departmentNumber" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="displayName" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="displayName"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:displayName" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="employeeNumber" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="employeeNumber"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeNumber" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.3" friendlyName="employeeNumber" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="employeeType" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="employeeType"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeType" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.4" friendlyName="employeeType" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="jpegPhoto" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="jpegPhoto"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:jpegPhoto" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.60" friendlyName="jpegPhoto" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="preferredLanguage" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="preferredLanguage"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:preferredLanguage" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.39" friendlyName="preferredLanguage" encodeType="false" />
</AttributeDefinition>


<!-- Schema: eduPerson attributes -->

<AttributeDefinition id="eduPersonAffiliation" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonAffiliation" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" friendlyName="eduPersonAffiliation" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="eduPersonEntitlement" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonEntitlement"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="eduPersonNickname" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonNickname"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonNickname" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" friendlyName="eduPersonNickname" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="eduPersonPrimaryAffiliation" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonPrimaryAffiliation"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" friendlyName="eduPersonPrimaryAffiliation" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="eduPersonUniqueId" xsi:type="Scoped" scope="%{idp.scope}">
<InputDataConnector ref="myLDAP" attributeNames="localUniqueId"/>
<AttributeEncoder xsi:type="SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" encodeType="false" />
<AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" friendlyName="eduPersonUniqueId" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}">
<InputDataConnector ref="myLDAP" attributeNames="uid"/>
<AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
<AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="eduPersonPrincipalNamePrior" xsi:type="Prescoped">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalNamePrior"/>
<AttributeEncoder xsi:type="SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" encodeType="false" />
<AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" friendlyName="eduPersonPrincipalNamePrior" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="%{idp.scope}">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation"/>
<AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false" />
<AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="eduPersonAssurance" xsi:type="Simple">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonAssurance"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonAssurance" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" friendlyName="eduPersonAssurance" encodeType="false" />
</AttributeDefinition>


<!-- ========================================== -->
<!-- Data Connectors -->
<!-- ========================================== -->

<!-- Example Static Connector -->
<!--
<DataConnector id="staticAttributes" xsi:type="Static">
<Attribute id="eduPersonAffiliation">
<Value>member</Value>
</Attribute>
</DataConnector>
-->

<!-- Example Relational Database Connector -->
<!--
<DataConnector id="mySIS" xsi:type="RelationalDatabase">
<ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
jdbcURL="jdbc:oracle:thin:@db.example.org:1521:SomeDB"
jdbcUserName="myid"
jdbcPassword="mypassword" />
<QueryTemplate>
<![CDATA[
SELECT * FROM student WHERE gzbtpid = '$requestContext.principalName'
]]>
</QueryTemplate>
<Column columnName="gzbtpid" attributeID="uid" />
<Column columnName="fqlft" attributeID="gpa" />
</DataConnector>
-->

<DataConnector id="myLDAP" xsi:type="LDAPDirectory"
ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
@@ -276,11 +181,6 @@
%{idp.attribute.resolver.LDAP.searchFilter}
]]>
</FilterTemplate>
<!--
<StartTLSTrustCredential id="LDAPtoIdPCredential" xsi:type="X509ResourceBacked">
<Certificate>%{idp.attribute.resolver.LDAP.trustCertificates}</Certificate>
</StartTLSTrustCredential>
-->
</DataConnector>

</AttributeResolver>

0 comments on commit 50f4fb8

Please sign in to comment.