547
szerkesztés
Módosítások
nincs szerkesztési összefoglaló
{{TRASH}}
When a Home Bridging Element releases local attributes to a Remote Bridging Element, some attribute transformation and attribute filtering should take place. Similarly, Remote BE has to filter out unnecessary/unwanted attributes and transform the remaining according to its federation's rules.
Shibboleth2 has a number of built-in <code>AttributeDefinition</code>s:
* [https://spaceswiki.internet2shibboleth.edunet/confluence/display/SHIB2/ResolverSimpleAttributeDefinition SimpleAttributeDefinition]: pass through the retrieved value of the attribute* [https://spaceswiki.internet2shibboleth.edunet/confluence/display/SHIB2/ResolverScopedAttributeDefinition ScopedAttributeDefinition]: append a scope to the attribute value* [https://spaceswiki.internet2shibboleth.edunet/confluence/display/SHIB2/ResolverTemplateAttributeDefinition TemplateAttributeDefinition]: sets value based on an arbitrary template of constant string and other attributes* [https://spaceswiki.internet2shibboleth.edunet/confluence/display/SHIB2/ResolverMappedAttributeDefinition MappedAttributeDefinition]: sets value according to conditions on (possibly other) attribute values* [https://spaceswiki.internet2shibboleth.edunet/confluence/display/SHIB2/ResolverScriptAttributeDefinition ScriptedAttributeDefinition]: execute a [https://scripting.dev.java.net/ JSR-223] (Java) script to determine the attribute value. This script gets the context information in <code>requestContext</code> variable.
* ... and some others ...
==== Hooking into EduGAIN ====
* Amount of code needs to be included into eduGainBase is unknown. Worst case: whole Java Shibboleth library (<code>edu.internet2.middleware.shibboleth.common.*</code>)
== Filtering ==
Both HBE and RBE need to filter the set of attributes released and accepted.
Shibboleth2 comes with a filtering code that is the same both for the attribute publisher and the consumer. Filtering rules may be based on (among others):
* requester/issuer
* attribute values
* authentication context
