From c87fb3c7976997fc64da23c129a46094ea611c66 Mon Sep 17 00:00:00 2001
From: Ioannis Igoumenos
Date: Wed, 9 Mar 2022 15:01:34 +0200
Subject: [PATCH] Support multiple configurations for AttributeResolver Shibboleth plugin
---
 roles/shibboleth-sp/defaults/main.yml | 17 +++++++++++++++-
 .../templates/shibboleth2.xml.j2 | 20 ++++++++++++++-----
 2 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/roles/shibboleth-sp/defaults/main.yml b/roles/shibboleth-sp/defaults/main.yml
index ad2c95f5..48abc9d8 100644
--- a/roles/shibboleth-sp/defaults/main.yml
+++ b/roles/shibboleth-sp/defaults/main.yml
@@ -145,9 +145,24 @@ shibboleth_sp_attribute_extractors:
 reloadChanges: "false"
 path: "attribute-map.xml"
+
+# In order to create the Shibboleth configuration below:
+#
+#
+# $1
+#
+#
+# the yaml structure should be the following:
 shibboleth_sp_attribute_resolvers:
 - type: "Query"
- subject_match: "true"
+ subjectMatch: "true"
+ - type: "Transform"
+ source: "eduPersonScopedAffiliation"
+ regex:
+ - value: "$1"
+ properties:
+ match: "^(.+)@(.+)"
+ dest: "eduPersonPrimaryAffiliation"
 # The default settings can be overridden by creating ApplicationOverride
 # elements. When you use virtual hosting, there is no special handler
diff --git a/roles/shibboleth-sp/templates/shibboleth2.xml.j2 b/roles/shibboleth-sp/templates/shibboleth2.xml.j2
index 2a7feac2..f63e477b 100644
--- a/roles/shibboleth-sp/templates/shibboleth2.xml.j2
+++ b/roles/shibboleth-sp/templates/shibboleth2.xml.j2
@@ -205,11 +205,21 @@ {% endfor %} {% for resolver in shibboleth_sp_attribute_resolvers %} - + + {% if resolver.regex is defined %} {% for regex_properties in resolver.regex -%} {{ regex_properties.value | default('') }} {% endfor %} {%- endif -%} {% endfor %}
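Review bot: The `Transform` entry added to `shibboleth_sp_attribute_resolvers` in roles/shibboleth-sp/defaults/main.yml is an active default, not only the documented example, so every host that applies the role without overriding the variable starts deriving `eduPersonPrimaryAffiliation` from `eduPersonScopedAffiliation`. With `value: "$1"` and `match: "^(.+)@(.+)"` the scope after the `@` is discarded, so a consumer that authorizes on the derived attribute can no longer tell which organisation asserted the affiliation. If that is intended it deserves a comment saying so; otherwise keep the default at the `Query` resolver and leave the Transform in the comment block as a sample. The rename of `subject_match` to `subjectMatch` also changes the key existing inventories must use; whether the template still honours the old key is not visible here, so a line such as `# NOTE: resolver keys are emitted as XML attribute names; subject_match is now subjectMatch` would help operators upgrading.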
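Review bot: In the shibboleth2.xml.j2 hunk, `{{ regex_properties.value | default('') }}` is written into the XML document without escaping, and Ansible templates do not XML-escape output by default, so a replacement value containing `&` or `<` produces a shibboleth2.xml that no longer parses. The same concern applies to the `properties` values if they are emitted as attributes, since regular expressions often contain `&`, `<` or `"`; the lines that emit them are not visible in this view, so check them against the template. Suggest `{{ regex_properties.value | default('') | e }}` and the `e` filter on each attribute value. The enclosing `{% for resolver in shibboleth_sp_attribute_resolvers %}` loop starts on a context line, outside the changed lines.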