86 lines
4.3 KiB
XML
86 lines
4.3 KiB
XML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
|
||
|
<AttributeResolver
|
||
|
xmlns="urn:mace:shibboleth:2.0:resolver"
|
||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||
|
xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
|
||
|
|
||
|
|
||
|
<!-- ========================================== -->
|
||
|
<!-- Attribute Definitions -->
|
||
|
<!-- ========================================== -->
|
||
|
<AttributeDefinition id="uid" xsi:type="Simple">
|
||
|
<InputDataConnector ref="myLDAP" attributeNames="uid" />
|
||
|
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
|
||
|
</AttributeDefinition>
|
||
|
|
||
|
<AttributeDefinition id="mail" xsi:type="Simple" >
|
||
|
<InputDataConnector ref="myLDAP" attributeNames="mail" />
|
||
|
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
|
||
|
</AttributeDefinition>
|
||
|
|
||
|
<AttributeDefinition id="cn" xsi:type="Simple">
|
||
|
<InputDataConnector ref="myLDAP" attributeNames="cn" />
|
||
|
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.3" friendlyName="displayName" encodeType="false" />
|
||
|
</AttributeDefinition>
|
||
|
|
||
|
<AttributeDefinition id="groupMembership" xsi:type="Simple">
|
||
|
<InputDataConnector ref="SearchGroupLDAP" attributeNames="cn" />
|
||
|
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113719.1.1.4.1.25" friendlyName="groupMembership" encodeType="false" />
|
||
|
</AttributeDefinition>
|
||
|
<!-- ========================================== -->
|
||
|
<!-- Data Connectors -->
|
||
|
<!-- ========================================== -->
|
||
|
<DataConnector id="myLDAP" xsi:type="LDAPDirectory"
|
||
|
ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
|
||
|
baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
|
||
|
principal="%{idp.attribute.resolver.LDAP.bindDN}"
|
||
|
principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
|
||
|
useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
|
||
|
connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
|
||
|
trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
|
||
|
responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
|
||
|
<FilterTemplate>
|
||
|
<![CDATA[
|
||
|
(uid=$resolutionContext.principal)
|
||
|
]]>
|
||
|
</FilterTemplate>
|
||
|
<ConnectionPool
|
||
|
minPoolSize="%{idp.pool.LDAP.minSize:3}"
|
||
|
maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
|
||
|
blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
|
||
|
validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
|
||
|
validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
|
||
|
expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"
|
||
|
failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
|
||
|
<ReturnAttributes>uid mail cn</ReturnAttributes>
|
||
|
</DataConnector>
|
||
|
|
||
|
<DataConnector id="SearchGroupLDAP" xsi:type="LDAPDirectory"
|
||
|
ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
|
||
|
baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
|
||
|
principal="%{idp.attribute.resolver.LDAP.bindDN}"
|
||
|
principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
|
||
|
useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
|
||
|
connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
|
||
|
trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
|
||
|
maxResultSize="1000"
|
||
|
responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
|
||
|
<FilterTemplate>
|
||
|
<![CDATA[
|
||
|
(&(objectclass=posixGroup)(memberUid=$resolutionContext.principal))
|
||
|
]]>
|
||
|
</FilterTemplate>
|
||
|
<ConnectionPool
|
||
|
minPoolSize="%{idp.pool.LDAP.minSize:3}"
|
||
|
maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
|
||
|
blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
|
||
|
validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
|
||
|
validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
|
||
|
expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"
|
||
|
failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
|
||
|
<ReturnAttributes>cn</ReturnAttributes>
|
||
|
</DataConnector>
|
||
|
|
||
|
</AttributeResolver>
|