Merge pull request #201 from jcpunk/attribute-map

Add mellon-attribute-map.xsl to convert shibboleth:2.0:attribute-map
This commit is contained in:
Olav Morken 2019-04-11 09:15:20 +02:00 committed by GitHub
commit ef60270745
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 0 deletions

View File

@ -0,0 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Convert urn:mace:shibboleth:2.0:attribute-map to MellonSetEnv statements
Author: Pat Riehecky <riehecky@fnal.gov>
Copyright (2019). Fermi Research Alliance, LLC
-->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:map="urn:mace:shibboleth:2.0:attribute-map"
>
<xsl:output method="text" omit-xml-declaration="yes" indent="no"/>
<xsl:template match="/map:Attributes">
<xsl:apply-templates select="map:Attribute">
<xsl:sort select="@id" data-type="text" />
<xsl:sort select="@name" data-type="text" order="descending"/>
</xsl:apply-templates>
</xsl:template>
<xsl:template match='map:Attribute'>
<xsl:value-of select="concat('MellonSetEnvNoPrefix ', @id, ' ' , @name)"/><xsl:text>&#xa;</xsl:text>
</xsl:template>
</xsl:stylesheet>

View File

@ -2117,6 +2117,11 @@ MellonSetEnvNoPrefix REMOTE_USER_LASTNAME sn
Also see <<set_remote_user>> for an example of setting the `REMOTE_USER`
environment variable using `MellonSetEnvNoPrefix`.
If you recieved an attribute-map.xml from your IDP that uses the
`urn:mace:shibboleth:2.0:attribute-map` namespace, it can be converted
to `MellonSetEnvNoPrefix` entries with `docs/mellon-attribute-map.xsl`
and loaded into your webserver configuration.
=== Using Mellon to apply constraints [[assertion_constraints]]
SAML attributes can be used for more than exporting those values to a