>>> On 18/07/2008 at 19:07, in message
<[log in to unmask]>, Rhys
Smith <[log in to unmask]> wrote:
>
> An example scriptlet is available that looks at a user's affiliation value
> and, if it's staff or student, adds the
> urn:mace:dir:entitlement:common-lib-terms entitlement value automatically
> to the existing values in the directory is available on the I2 Shib Wiki
> at:
>
> https://spaces.internet2.edu/display/SHIB/ScriptletAttributeDefinition
>
> (it's the second example down).
>
> This does the job of adding the entitlement value for staff and students
> (presuming your affiliation values are correct), but obviously doesn't
> address the walk-in-users issue. But it's a good start...
Maybe I'm missing something but I can't get this to work.
The script says:
<ScriptletAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
<DataConnectorDependency requires="directory"/>
<AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation" />
<Scriptlet><![CDATA[
Attributes attributes = dependencies.getConnectorResolution("directory");
Attribute entitlement = attributes.get("eduPersonEntitlement");
// add values from directory
for (int i = 0; entitlement != null && i < entitlement.size(); i++)
{
resolverAttribute.addValue(entitlement.get(i));
}
// add common-lib-terms for staff and student
Attribute attribute = attributes.get("eduPersonAffiliation");
if (attribute.contains("staff") ||attribute.contains("student"))
{
resolverAttribute.addValue("urn:mace:dir:entitlement:common-lib-terms");
}
]]>
</Scriptlet>
</ScriptletAttributeDefinition>
AIUI the intention is that the script
a) goes to the directory to get a directory attribute eduPersonEntitlement
b) but gets the value eduPersonAffiliation that are set locally within Shibboleth
The first section is straightforward enough and works (albeit with different attribute names here). However when we get to the common-lib-terms bit it _still_ seems to be going to the directory to look for an attribute called eduPersonAffiliation rather than taking that from the local shibboleth value. This causes the whole scriptlet to fail as eduPersonAffiliation is not a directory attribute and no values are released (even if the first bit succeeds).
Any ideas?
Andy
--
*********
Andy Swiffin
Senior Network Specialist, Corporate Information systems
Information & Communications Services (ICS)
University of Dundee, Computing Centre, Park Place, Dundee, DD1 4HN
Direct: 01382 388000 (Service Desk)
Visit our website at: www.dundee.ac.uk/ics
*********
The University of Dundee is a registered Scottish charity, No: SC015096
|