565
szerkesztés
Módosítások
→Using name mapper
CustomRule class must implement the net.geant.edugain.attributes.rules.Rule interface, configuration can be read with the DOM API. Please refer to the Attribute Converter JavaDOC, and see the test package as it containes a sample implementation.
== Using attribute name mapper ==In order to archieve interoperability, the SAML AttributeStatement carries attribute names with URN-style attribute naming scheme. For example, the 'mail' logical attribute name can be named as 'urn:mace:dir:attribute-def:mail', or 'urn:oid:0.9.2342.19200300.100.1.3'. Shibboleth2 further encourages federations to use the latter form (ie. the LDAP oid). The eduGAIN Attribute Converter library comes with AttributeName mapping subsystem. With the help of the attribute name mapper, '''system administrators can write the attribute converter configuration independently of the currently used AttributeStatement Attribute name format'''. === Attribute name mapper concepts ===As the attribute conversion sits between two federations (and probably two attribute naming schemes), there are two types of physical attributes: the 'input' and 'output' attributes. Note that these notation is different in Home and Remote BEs: Home BE releases attributes to the eduGAIN federation, Remote BE releases attributes to the local federation. '''So the eduGAIN format is the 'output' attribute format of the Home BE, and the 'input' format of the Remote BE.''' The following example shows the difference between logical and physical attribute names. {| border="1"|+ '''Input and output attribute names'''! Physical input attribute name !! Logical attribute name !! Physical output attribute name|-|urn:mace:dir:attribute-def:mail|rowspan="2"| '''mail'''|rowspan="2"| urn:mace:dir:attribute-def:mail|-|urn:oid:0.9.2342.19200300.100.1.3|-|} === Configuration of the attribute name mapper ===
== Testing ==
=== XMLTest.sh ===
=== Real-life examples ===
