Australian Access Federation Support Desk

A sample Shibboleth attribute resolver script for the cn attribute

by Paul Stepowski

AAF has specific requirements for the cn attribute.  Essentially, the cn attribute must consist of the user's givenName + <space> + surname.  Here is a script that you can cut and paste into your attribute-resolver.xml configuration file to make sure your IdP releases the cn attribute in the correct format. It depends on attribute definitions with the ids givenName and surname already being present in the same file:

 

    <resolver:AttributeDefinition xsi:type="ad:Script" id="commonName">
       <resolver:Dependency ref="givenName" />
       <resolver:Dependency ref="surname" />
       <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:cn" />
       <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.3" friendlyName="cn" />

       <ad:Script><![CDATA[
           importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);

            commonName = new BasicAttribute("commonName");

            if ((typeof givenName != "undefined" && givenName != null && givenName.getValues().size()>0) &&
                (typeof surname != "undefined" && surname != null && surname.getValues().size()>0)) {

                commonName.getValues().add(givenName.getValues().get(0) + " " + surname.getValues().get(0));
            }

            if ((typeof givenName == "undefined" || givenName == null || givenName.getValues().size()==0) &&
                (typeof surname != "undefined" && surname != null && surname.getValues().size()>0)) {
                commonName.getValues().add(surname.getValues().get(0));
            }

            if ((typeof givenName != "undefined" && givenName != null && givenName.getValues().size()>0) &&
                (typeof surname == "undefined" && surname == null && surname.getValues().size()==0)) {
                commonName.getValues().add(givenName.getValues().get(0));
            }

       ]]>
       </ad:Script>
    </resolver:AttributeDefinition> 