Add mellon-attribute-map.xsl to convert urn:mace:shibboleth:2.0:attribute-map

This commit is contained in:
Pat Riehecky 2019-04-10 11:44:39 -05:00
parent 7d681177cb
commit f03fb14214
2 changed files with 30 additions and 0 deletions

View File

@ -0,0 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Convert urn:mace:shibboleth:2.0:attribute-map to MellonSetEnv statements
Author: Pat Riehecky <riehecky@fnal.gov>
Copyright (2019). Fermi Research Alliance, LLC
-->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:map="urn:mace:shibboleth:2.0:attribute-map"
>
<xsl:output method="text" omit-xml-declaration="yes" indent="no"/>
<xsl:template match="/map:Attributes">
<xsl:apply-templates select="map:Attribute">
<xsl:sort select="@id" data-type="text" />
<xsl:sort select="@name" data-type="text" order="descending"/>
</xsl:apply-templates>
</xsl:template>
<xsl:template match='map:Attribute'>
<xsl:value-of select="concat('MellonSetEnvNoPrefix ', @id, ' ' , @name)"/><xsl:text>&#xa;</xsl:text>
</xsl:template>
</xsl:stylesheet>

View File

@ -2117,6 +2117,11 @@ MellonSetEnvNoPrefix REMOTE_USER_LASTNAME sn
Also see <<set_remote_user>> for an example of setting the `REMOTE_USER`
environment variable using `MellonSetEnvNoPrefix`.
If you recieved an attribute-map.xml from your IDP that uses the
`urn:mace:shibboleth:2.0:attribute-map` namespace, it can be converted
to `MellonSetEnvNoPrefix` entries with `docs/mellon-attribute-map.xsl`
and loaded into your webserver configuration.
=== Using Mellon to apply constraints [[assertion_constraints]]
SAML attributes can be used for more than exporting those values to a