From 8e7e13c88dad851e933bcf28faf29ebb0e4ea32a Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Wed, 9 Mar 2022 15:01:34 +0200 Subject: [PATCH] Support multiple configurations for AttributeResolver Shibboleth plugin --- roles/shibboleth-sp/defaults/main.yml | 9 ++++++++- .../templates/shibboleth2.xml.j2 | 20 ++++++++++++++----- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/roles/shibboleth-sp/defaults/main.yml b/roles/shibboleth-sp/defaults/main.yml index ad2c95f5..83b505f7 100644 --- a/roles/shibboleth-sp/defaults/main.yml +++ b/roles/shibboleth-sp/defaults/main.yml @@ -147,7 +147,14 @@ shibboleth_sp_attribute_extractors: shibboleth_sp_attribute_resolvers: - type: "Query" - subject_match: "true" + subjectMatch: "true" + - type: "Transform" + source: "eduPersonScopedAffiliation" + regex: + - value: "$1" + properties: + match: "^(.+)@(.+)" + dest: "eduPersonPrimaryAffiliation" # The default settings can be overridden by creating ApplicationOverride # elements. When you use virtual hosting, there is no special handler diff --git a/roles/shibboleth-sp/templates/shibboleth2.xml.j2 b/roles/shibboleth-sp/templates/shibboleth2.xml.j2 index 2a7feac2..f63e477b 100644 --- a/roles/shibboleth-sp/templates/shibboleth2.xml.j2 +++ b/roles/shibboleth-sp/templates/shibboleth2.xml.j2 @@ -205,11 +205,21 @@ {% endfor %} {% for resolver in shibboleth_sp_attribute_resolvers %} - + + {% if resolver.regex is defined %} + {% for regex_properties in resolver.regex -%} + {{ regex_properties.value | default('') }} + {% endfor %} + {%- endif -%} + {% endfor %}