...
Suppose you want to release the standard library entitlement, based on membershib membership in one or more groups.
Code Block |
---|
<resolver:AttributeDefinition id="memberships" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="isMemberOf"> <resolver:Dependency ref="myLDAP" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="entitlement_lib" xsi:type="Script" xmlns="urn:mace:shibboleth:2.0:resolver:ad"> <resolver:Dependency ref="memberships" /> <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" name="urn:mace:dir:attribute-def:eduPersonEntitlement" /> <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" /> <Script> <![CDATA[ importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider); entitlement = new BasicAttribute("entitlement_lib"); var ngroup = memberships.getValues().size(); for (var i=0; i<ngroup; i++) { var group = memberships.getValues().get(i); if (group.equals("uw:student") || group.equals("uw:employee") || group.equals("uw:lib:users") ) { entitlement.getValues().add('urn:mace:dir:entitlement:common-lib-terms'); break; } } ]]> </Script> </resolver:AttributeDefinition> |
...