File-based Name Mapping

GridShib Beta implements a file-based name mapping at the IdP. (A name mapping file is similar in concept to the grid-mapfile at the Grid SP.) Each row in the name mapping file includes an RFC 2253-conformant DN string and a principal name, separated by one or more whitespace characters. Quoted or unquoted forms (in either data element) are permitted. In a quoted form, the escape character is the familiar backslash character (\).

Blank lines and comments are permitted in the name mapping file. A comment is any line whose first non-whitespace character is the octothorp (#).

The implementation uses regular expressions to parse a name mapping file. The following rules are used to parse the file:

  • Blank lines and comments are ignored.
  • Each remaining line of the file consists of two whitespace-separated fields: the DN and the principal name (in that order).
  • In either case, an input field is either a QUOTED_FORM or an UNQUOTED_FORM.
  • An UNQUOTED_FORM is a contiguous sequence of one or more non-whitespace characters.
  • A QUOTED_FORM is an arbitrary sequence of characters delimited by doublequote characters.
  • Inside a QUOTED_FORM, every character is interpreted literally except the doublequote character and the backslash character. The latter is the escape character.
    • A literal doublequote character must be escaped with a backslash.
    • A literal backslash character must also be escaped with a backslash (i.e., a "double backslash").
    • An escaped character other than doublequote or backslash is equivalent to the corresponding unescaped character.
  • A QUOTED_FORM may be preceded by zero or more whitespace characters.

A simple example of a name mapping file is distributed along with GridShib Beta.
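
The parsing rules above, written out as a strict parser (an added example, not GridShib's own code). It rejects any line that does not reduce to exactly two fields and any DN mapped to two different principals, which is a choice made here rather than documented GridShib behaviour. Assumptions: at least one whitespace character separates the two fields, an UNQUOTED_FORM does not begin with a doublequote, `parse_name_map` and `SAMPLE` are names chosen for this example, and the sample input is constructed.

```python
import re

# One field: QUOTED_FORM (backslash escapes the next character) or UNQUOTED_FORM.
# Assumption: an UNQUOTED_FORM does not begin with a doublequote.
_FIELD = r'(?:"((?:[^"\\]|\\.)*)"|([^\s"]\S*))'
# DN, whitespace, principal. Used with fullmatch() so trailing junk is an error.
_LINE = re.compile(r'\s*' + _FIELD + r'\s+' + _FIELD + r'\s*')
_ESCAPE = re.compile(r'\\(.)')

# Constructed sample input (not the file shipped with GridShib Beta).
SAMPLE = r'''
# DN                                 principal
"CN=Jane Doe,O=Example Grid,C=US"    jdoe
CN=host01,O=Example   "svc host01"
  "CN=Smith\\, Bob,O=Example"  "bob \"the admin\""
'''


def _value(quoted, unquoted):
    """Return the field text, removing escapes from a QUOTED_FORM."""
    if quoted is None:
        return unquoted
    return _ESCAPE.sub(r'\1', quoted)  # \" -> ", \\ -> \, \x -> x


def parse_name_map(text):
    """Parse name mapping text into {DN: principal}; ValueError on a bad line."""
    mapping = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith('#'):
            continue  # blank line or comment
        m = _LINE.fullmatch(line)
        if m is None:
            raise ValueError(f'line {lineno}: expected exactly two fields')
        dn = _value(m.group(1), m.group(2))
        principal = _value(m.group(3), m.group(4))
        if mapping.get(dn, principal) != principal:
            raise ValueError(f'line {lineno}: conflicting mapping for {dn!r}')
        mapping[dn] = principal
    return mapping


if __name__ == '__main__':
    for dn, principal in parse_name_map(SAMPLE).items():
        print(f'{dn!r} -> {principal!r}')
```

Inside a QUOTED_FORM a single backslash before a comma is consumed by the file's own escaping, so an RFC 2253 escape such as `\,` has to be written `\\,` to survive into the DN. A DN containing spaces must be quoted; left unquoted it splits into more than two fields and this parser rejects the line.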
