ページ履歴

    <!-- Attribute Definition for eduPersonPrincipalName -->
    <!----> ← コメント終了を追加して、以下を有効とします
    <resolver:AttributeDefinition <AttributeDefinition xsi:type="ad:Scoped" id="eduPersonPrincipalName" scope="%{idp.scope}" sourceAttributeID="uid">
　　　　　 ← scopeはidp.propertiesを参照するので設定不要です。
　　　　　 　　　　 　 sourceAttributeIDにLDAP内の属性名を設定します。 
        <resolver:Dependency <InputDataConnector ref="myLDAP" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
    </resolver:AttributeDefinition>
    attributeNames="uid" />
</AttributeDefinition>
<!----> ← > ← コメント開始を追加して、上記を有効とします
 

    <!-- Attribute Definition for eduPersonEntitlement -->
    <!-- --> ← コメント終了を追加して、以下を有効とします
    <resolver:AttributeDefinition <AttributeDefinition xsi:type="ad:Simple" id="eduPersonEntitlement" sourceAttributeID="eduPersonEntitlement">
        <resolver:Dependency <InputDataConnector ref="staticEntitlementCommonLibTerms" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" encodeType="false" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" encodeType="false" />
    </resolver:AttributeDefinition>
    attributeNames="eduPersonEntitlement" />
</AttributeDefinition>
<!----> ← コメント開始を追加して、上記を有効とします
    <!-- Static Connector for eduPersonEntitlement (common-lib-terms) -->
    <!-- --> ← コメント終了を追加して、以下を有効とします
        <resolver:DataConnector <DataConnector id="staticEntitlementCommonLibTerms" xsi:type="dc:Static">
        <dc:Attribute <Attribute id="eduPersonEntitlement">
            <dc:Value>urn <Value>urn:mace:dir:entitlement:common-lib-terms</dc:Value>
        </dc:Attribute>
    </resolver:DataConnector>
    <!----> ← コメント開始を追加して、上記を有効とします

<!-- ========================================== -->
<!-- Data Connectors -->
<!-- ========================================== -->

    <!-- Example LDAP Connector -->
    <!--
        Add the following configuration below the </dc:FilterTemplate> line
        in order to reduce the LDAP attributes to be retrieved using
        idp.attribute.resolver.LDAP.returnAttributes in conf/ldap.properties:
          <dc:ReturnAttributes>%{idp.attribute.resolver.LDAP.returnAttributes}</dc:ReturnAttributes>
    -->
    <!--
        Add the following configuration above the </resolver:DataConnector>
        line in order to use StartTLS Add the attributes that you want to send directly to the exportAttributes
attribute. the exportAttributes is a space-separated list, which can contain:
mail sn ou givenName displayName eduPersonAssurance eduPersonOrcid
jasn jaGivenName jaDisplayName jaou

e.g.
exportAttributes="mail sn ou givenName displayName jasn jaGivenName jaDisplayName jaou"

If you have an LDAP attribute name which is different from the above list,
change the columnName attribute in the corresponding Column element
approprietely and enable that line.

e.g.
<Column columnName="email" attributeID="mail" />

Add the following configuration below the <DataConnector line in order
to use StartTLS
        (i.e. idp.attribute.resolver.LDAP.useStartTLS in
conf/ldap.properties
        is true) or LDAPS (i.e. you use "ldaps:" protocol
in idp.attribute.resolver.LDAP.ldapURL in conf/ldap.properties):

trustFile="%
          <dc:StartTLSTrustCredential id="LDAPtoIdPCredential" xsi:type="sec:X509ResourceBacked">
              <sec:Certificate>%{idp.attribute.resolver.LDAP.trustCertificates}</sec:Certificate>
          </dc:StartTLSTrustCredential>
    "
-->
    <!-- --> ← コメント終了を追加して、以下を有効とします

<DataConnector     <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
        baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
        principal="%{idp.attribute.resolver.LDAP.bindDN}"
        principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
        useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
connectTimeout=">
        <dc:FilterTemplate>
            %{idp.attribute.resolver.LDAP.connectTimeout}"
responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"
exportAttributes=""
noResultIsError="%{idp.attribute.resolver.LDAP.noResultIsError:true}">
<FilterTemplate>
<![CDATA[
                %{idp.attribute.resolver.LDAP.searchFilter}
            ]]>
        </dc:FilterTemplate>
    </resolver:DataConnector>
    </FilterTemplate>
<ConnectionPool
minPoolSize="%{idp.pool.LDAP.minSize:3}"
maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
validateDN="%{idp.pool.LDAP.validateDN:}"
validateFilter="%{idp.pool.LDAP.validateFilter:(objectClass=*)}"
expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"/>
<!--
<Column columnName="mail" attributeID="mail" />
<Column columnName="sn" attributeID="sn" />
<Column columnName="ou" attributeID="ou" />
<Column columnName="givenName" attributeID="givenName" />
<Column columnName="displayName" attributeID="displayName" />
<Column columnName="eduPersonAssurance" attributeID="eduPersonAssurance" />
<Column columnName="eduPersonOrcid" attributeID="eduPersonOrcid" />
<Column columnName="sn;lang-ja" attributeID="jasn" />
<Column columnName="givenName;lang-ja" attributeID="jaGivenName" />
<Column columnName="displayName;lang-ja" attributeID="jaDisplayName" />
<Column columnName="ou;lang-ja" attributeID="jaou" />
-->
</DataConnector>
<!-- --> ← コメント開始を追加して、上記を有効とします