Nullnss is a different capability from presense. In the example I think
you'll find that memberOf is *always* available in AD and so that if doesn't
do anything
I think that you will need to check for the attribute being present before
you use the variable. I've not done a huge amount of Shib2 scriplet work
but I'd try something like:
if (requestContext.getAttributes().containsKey("groupMembership")) {
bla;
}
And if that didn't work I'd start printf'ing the context of gettAttributes()
to see what happened..
R
PS Once you have your example, don't forget to add it to the wiki.
----- Original Message -----
From: "Andy Swiffin" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Friday, August 14, 2009 3:11 PM
Subject: Script throwing error
Hi
Right, now I have a _real_ problem.
I have the following script:
<resolver:AttributeDefinition id="eduPersonEntitlement" xsi:type="Script"
xmlns="urn:mace:shibboleth:2.0:resolver:ad" >
<resolver:Dependency ref="myLDAP" />
<resolver:AttributeEncoder xsi:type="SAML1String"
xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
name="urn:mace:dir:attribute-def:eduPersonEntitlement" />
<resolver:AttributeEncoder xsi:type="SAML2String"
xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
friendlyName="eduPersonEntitlement" />
<Script> <![CDATA[
importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
eduPersonEntitlement = new BasicAttribute("eduPersonEntitlement");
if (groupMembership != null)
{
group0 = groupMembership.getValues().get(0).toLowerCase();
eduPersonEntitlement.getValues().add(group0);
}
]]>
</Script>
</resolver:AttributeDefinition>
OK, I know I wouldn't normally just stuff a group membership value in ePE
but its a convenient way to see what its doing.
This works perfectly well if I login as me, I have group memberships and the
first one is there in my ePE when I go to an SP.
If I login with a user who has no group memberships it throws an exception!
Surely the "if (groupMembership != null)" line should stop that
happening? But in the logs is
com.sun.phobos.script.util.ExtendedScriptException:
org.mozilla.javascript.EcmaError: ReferenceError: "groupMembership" is not
defined. (<Unknown Source>#3) in <Unknown Source> at line number 3
This is almost identical to the example for ePA in the wiki:
https://spaces.internet2.edu/display/SHIB2/ResolverScriptAttributeDefinition
:
if (memberOf != null ){
student = false;
faculty = false;
staff = false;
Am I missing something here?
Andy
The University of Dundee is a registered Scottish charity, No: SC015096
|