diff --git a/roles/shibboleth-sp/defaults/main.yml b/roles/shibboleth-sp/defaults/main.yml
index ad2c95f5..48abc9d8 100644
--- a/roles/shibboleth-sp/defaults/main.yml
+++ b/roles/shibboleth-sp/defaults/main.yml
@@ -145,9 +145,24 @@ shibboleth_sp_attribute_extractors:
reloadChanges: "false"
path: "attribute-map.xml"
+
+# In order to create the Shibboleth configuration below:
+#
+#
+# $1
+#
+#
+# the yaml structure should be the following:
shibboleth_sp_attribute_resolvers:
- type: "Query"
- subject_match: "true"
+ subjectMatch: "true"
+ - type: "Transform"
+ source: "eduPersonScopedAffiliation"
+ regex:
+ - value: "$1"
+ properties:
+ match: "^(.+)@(.+)"
+ dest: "eduPersonPrimaryAffiliation"
# The default settings can be overridden by creating ApplicationOverride
# elements. When you use virtual hosting, there is no special handler
diff --git a/roles/shibboleth-sp/templates/shibboleth2.xml.j2 b/roles/shibboleth-sp/templates/shibboleth2.xml.j2
index 2a7feac2..f63e477b 100644
--- a/roles/shibboleth-sp/templates/shibboleth2.xml.j2
+++ b/roles/shibboleth-sp/templates/shibboleth2.xml.j2
@@ -205,11 +205,21 @@
{% endfor %}
{% for resolver in shibboleth_sp_attribute_resolvers %}
-
+
+ {% if resolver.regex is defined %}
+ {% for regex_properties in resolver.regex -%}
+ {{ regex_properties.value | default('') }}
+ {% endfor %}
+ {%- endif -%}
+
{% endfor %}