547
szerkesztés
Módosítások
nincs szerkesztési összefoglaló
Attributes are travelling on the wire in eduGAIN-defined format, ie. SAML. Naming attributes and defining their contents might be a standardization task of eduGAIN operators; however it should be possible for federations to agree on custom set of attributes ''beyond "eduGAIN commons"''.
Attribute Conversion only adds attributes (or values) to the attribute set; use [[JRA5AttributeFiltering JRA5AttributeConversion#Attribute_Filtering | Attribute Filtering]] for filtering out unnecessary attributes. It also means that if no rules match an attribute, then it will go to the filter unmodified - so conversion works with a '''default by-pass policy'''.
== Attribute conversion rule concepts==
Most of the rules are based on standard [http://en.wikipedia.org/wiki/Regular_expression regular expressions] and [http://en.wikipedia.org/wiki/Unified_Expression_Language Unified Expression Language].
== Integration ==
You can integrate Attribute Conversion and Filtering into your Bridging Element by using these java code snippets. (Of course, edugain.jar and converter.jar need to be placed on the classpath.)
=== Initialization time ===
This code is need needs to be invoked in BE initialization time (and not in runtime, as xml XML configuration parsing is a time-consuming process).
<source lang="java">
// get a reference to the AttributeConverterFactory singleton object AttributeConverterFactory factory = AttributeConverterFactory.getInstance(); // set the configuration file paths (which paths can be set in web.xml for example) factory.setAttributeConverterFilePath("path-to-converter.xml"); factory.setAttributeFilterFilePath("path-to-filter.xml"); factory.setAttributeNameMapperFilePath("path-to-namemapper.xml"); // create converter and filter objects try { AttributeConverter converter = factory.createAttributeConverter(); AttributeFilter filter = factory.createAttributeFilter(); } catch (ConfigurationException ex) { // handle configuration errors (missing files, not valid xmls and more issues) log.error(ex); }
</source>
=== Runtime ===
This code is invoked in BE runtime. You should have a List of AttributeValues, which was either received from the IdP or from the H-BE. You will get the output attribute set after invoking <code>process()</code> method. Note that <code>process()</code> takes two more arguments: <code>remote</code> and <code>local</code>. These represent the local and remote peers that your BE bridges together. Use of these identifiers is optional, you can pass <code>null</code>. {{ATTENTION_EN|If you do not pass <code>local</code> or <code>remote</code> then rules containing <code>LocalProviderMatch</code> or <code>RemoteProviderMatch</code> will '''NOT''' be executed.}}
<source lang="java">
String remote = "remote-federation-peer-identifier"; String local = "local-federation-peer-identifier"; // get Attributes from the assertion List<AttributeValues> input = ...; // Call converter and filter in order.// Home BE should call converter first, remote BE should call filter first.if (isHomeBE) { List<AttributeValues> output = converter.process(input, remote, local); output = filter.process(output, remote, local);} else { List<AttributeValues> output = filter.process(input, remote, local); output = converter.process(output, remote, local);}
// Call converter and filter in order. // Home BE should call converter first, remote BE should call filter first. if (isHomeBE) { List<AttributeValues> output = converter.process(input, remote, local); output = filter.process(output, remote, local); } else { List<AttributeValues> output = filter.process(input, remote, local); output = converter.process(output, remote, local); } // process output here, create new assertion, etc.
</source>
===== Home =====
===== Remote =====
[[Kategória: english]]
[[Kategória: AAI]]
