Versionen im Vergleich

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatting was changed.

...

Codeblock
titleeduPersonEntitlements per Script erzeugen (Java8/Nashorn)
languagehtml/xml
<AttributeDefinition id="eduPersonEntitlement" xsi:type="ScriptedAttribute" >
    <Dependency ref="myLDAP" />
    <Dependency ref="MappedEntitlements" />
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" encodeType="false" />
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" encodeType="false" />
    <Script><![CDATA[
var logger = Java.type("org.slf4j.LoggerFactory").getLogger("net.shibboleth.idp.attribute.resolver.script.usidiscount");
if (typeof schacDateOfBirth == "undefined" || schacDateOfBirth.getValues().size() < 1) {
  logger.debug("no schacDateOfBirth, ignoring");
} else {
  var dob = schacDateOfBirth.getValues().get(0);
  logger.trace("schacDateOfBirth is " + dob);
  var LocalDate  = Java.type("java.time.LocalDate");
  dob   = LocalDate.of(dob.slice(0,4), dob.slice(4,6), dob.slice(6,8));
  logger.trace("parsed dob is " + dob);
  var age = Java.type("java.time.Period").between(dob, LocalDate.now()).getYears();
  logger.trace("age is " + age);
  if (age <= 25) {
    logger.debug("age is within USI limits, adding USI-entitlement");
    logger.trace("eduPersonEntitlement had values " + eduPersonEntitlement.getValues());
    eduPersonEntitlement.addValue("http://usi.at/student-discount");
    logger.trace("eduPersonEntitlement has values " + eduPersonEntitlement.getValues());
  } else {
    logger.debug("age is not within USI limits, doing nothing");
  }
}
]]></Script>
</AttributeDefinition>
 
<!-- Beispiel fuer "MappedEntitlements" -->
<AttributeDefinition id="MappedEntitlements" xsi:type="Mapped" sourceAttributeID="eduPersonAffiliation">
    <Dependency ref="eduPersonAffiliation" />
    <ValueMap>
        <ReturnValue>urn:mace:dir:entitlement:common-lib-terms</ReturnValue>
        <SourceValue>member</SourceValue>
    </ValueMap>
    <ValueMap>
        <ReturnValue>urn:mace:terena.org:tcs:personal-user</ReturnValue>
        <SourceValue>member</SourceValue>
    </ValueMap>
</AttributeDefinition>

...