Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: fix wrong title for pairwise-id dataconnector

...

This references a DataConnector with id="computed" which you'll create using the next snippet (move it to the end of the attribute-resolver.xml file together with the other data connectors). Provided you already have a stable, non-recycled (not reassigned from one subject to another) internal identifier for your subjects stored in LDAP you can set that attribute name in the idp.persistentId.sourceAttribute property of the referenced config file , and it will also be used as the basis for the PairwiseID attribute. The configuration below also re-uses the salt configured in the property idp.persistentId.salt to generate a salted hash of the chosen source attribute as (local part of the) PairwiseID attribute value:

Code Block
languagexml
titleSubjectID amendment 1: Add interim attribute that combines MS-AD's UPN + whenCreatedDataConnector for PairwiseID
<DataConnector id="computed" xsi:type="ComputedId" generatedAttributeID="ComputedID"
               salt="%{idp.persistentId.salt}" algorithm="%{idp.persistentId.algorithm:SHA}"
               encoding="%{idp.persistentId.encoding:BASE32}">
    <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}" />
</DataConnector>

Similarly to SubjectIDs above: If you don't have a stable, non-reassigned internal identifier in your Systems of Record (LDAP directory, relational database) and decided to fabricate one as – as shown in the examples for SubjectID above – you'll need to replace that DataConnector's dependency on the internal identifier with the custom one you created earlier, e.g.:

...