InCommon customizations

conf/attribute-resolver.xml

@@ -33,46 +33,54 @@ list of possible components and their options.
         <InputAttributeDefinition ref="uid" />
     </AttributeDefinition>
 
-    <!--
-    The uid is the closest thing to a "standard" LDAP attribute
-    representing a local username, but you should generally *never*
-    expose uid to federated services, as it is rarely globally unique.
-    -->
-    <AttributeDefinition id="uid" xsi:type="PrincipalName" />
-
-    <!--
-    In the rest of the world, the email address is the standard identifier,
-    despite the problems with that practice. Consider making the EPPN
-    value the same as your official email addresses whenever possible.
-    -->
-    <AttributeDefinition id="mail" xsi:type="Template">
-        <InputAttributeDefinition ref="uid" />
-        <Template>
-          <![CDATA[
-               ${uid}@example.org
-          ]]>
-        </Template>
+    <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalNamePrior">
+        <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalNamePrior"/>
     </AttributeDefinition>
 
-    <!--
-    This is an example of an attribute sourced from a data connector.
-    -->
-    <AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="%{idp.scope}">
-        <InputDataConnector ref="staticAttributes" attributeNames="affiliation" />
+    <AttributeDefinition xsi:type="Scoped" id="eduPersonScopedAffiliation" scope="%{idp.scope}">
+        <InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation"/>
     </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="eduPersonAssurance">
+        <InputDataConnector ref="myLDAP" attributeNames="eduPersonAssurance"/>
+    </AttributeDefinition>
+
 
 
     <!-- ========================================== -->
     <!--      Data Connectors                       -->
     <!-- ========================================== -->
-
-    <DataConnector id="staticAttributes" xsi:type="Static" exportAttributes="schacHomeOrganization">
-        <Attribute id="schacHomeOrganization">
-            <Value>%{idp.scope}</Value>
-        </Attribute>
-        <Attribute id="affiliation">
-            <Value>member</Value>
-        </Attribute>
+
+    <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
+        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
+        baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
+        principal="%{idp.attribute.resolver.LDAP.bindDN}"
+        principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
+        useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
+        startTLSTimeout="%{idp.attribute.resolver.LDAP.startTLSTimeout}"
+        connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
+        responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"
+        connectionStrategy="%{idp.attribute.resolver.LDAP.connectionStrategy}"
+        noResultIsError="true"
+        multipleResultsIsError="true"
+        excludeResolutionPhases="c14n/attribute"
+        exportAttributes="uid mail displayName sn givenName departmentNumber employeeNumber eduPersonEntitlement eduPersonAssurance">
+        <FilterTemplate>
+            <![CDATA[
+                %{idp.attribute.resolver.LDAP.searchFilter}
+            ]]>
+        </FilterTemplate>
+        <ConnectionPool
+            minPoolSize="%{idp.pool.LDAP.minSize:3}"
+            maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
+            blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
+            validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
+            validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
+            validateDN="%{idp.pool.LDAP.validateDN:}"
+            validateOnCheckout="%{idp.pool.LDAP.validateOnCheckout:false}"
+            validateFilter="%{idp.pool.LDAP.validateFilter:(objectClass=*)}"
+            prunePeriod="%{idp.pool.LDAP.prunePeriod:PT5M}"
+            expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"/>
     </DataConnector>
 
 </AttributeResolver>