...
Suppose you want to release the standard library entitlement, based on membershib membership in one or more groups.
| Code Block |
|---|
<resolver:AttributeDefinition id="memberships" xsi:type="Simple"
xmlns="urn:mace:shibboleth:2.0:resolver:ad"
sourceAttributeID="isMemberOf">
<resolver:Dependency ref="myLDAP" />
</resolver:AttributeDefinition>
<resolver:AttributeDefinition id="entitlement_lib" xsi:type="Script"
xmlns="urn:mace:shibboleth:2.0:resolver:ad">
<resolver:Dependency ref="memberships" />
<resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
name="urn:mace:dir:attribute-def:eduPersonEntitlement" />
<resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" />
<Script>
<![CDATA[
importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
entitlement = new BasicAttribute("entitlement_lib");
var ngroup = memberships.getValues().size();
for (var i=0; i<ngroup; i++) {
var group = memberships.getValues().get(i);
if (group.equals("uw:student") || group.equals("uw:employee") || group.equals("uw:lib:users") ) {
entitlement.getValues().add('urn:mace:dir:entitlement:common-lib-terms');
break;
}
}
]]>
</Script>
</resolver:AttributeDefinition>
|
...