...
| パネル |
|---|
| borderColor | #cccccc |
|---|
| bgColor | #eeeeee |
|---|
| borderStyle | solid |
|---|
|
<!-- ========================================== -->
<!-- Data Connectors -->
<!-- ========================================== -->
<!-- Example LDAP Connector -->
<!--
Add the attributes that you want to send directly to the exportAttributes
attribute. the exportAttributes is a space-separated list, which can contain:
mail sn ou givenName displayName eduPersonAssurance eduPersonOrcid
jasn jaGivenName jaDisplayName jaou
e.g.
exportAttributes="mail sn ou givenName displayName jasn jaGivenName jaDisplayName jaou"
If you have an LDAP attribute name which is different from the above list,
change the columnName attribute in the corresponding Column element
approprietely and enable that line.
e.g.
<Column columnName="email" attributeID="mail" />
Add the following configuration below the <DataConnector line in order
to use StartTLS (i.e. idp.attribute.resolver.LDAP.useStartTLS in
conf/ldap.properties is true) or LDAPS (i.e. you use "ldaps:" protocol
in idp.attribute.resolver.LDAP.ldapURL in conf/ldap.properties):
trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
-->
<!-- -->
<DataConnector id="myLDAP" xsi:type="LDAPDirectory"
ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
principal="%{idp.attribute.resolver.LDAP.bindDN}"
principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"
exportAttributes="CHANGETHISTOATTRIBUTESYOUWANTTOSEND"
noResultIsError="%{idp.attribute.resolver.LDAP.noResultIsError:true}">
<FilterTemplate>
<![CDATA[
%{idp.attribute.resolver.LDAP.searchFilter}
]]>
</FilterTemplate>
<ConnectionPool
minPoolSize="%{idp.pool.LDAP.minSize:3}"
maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
validateDN="%{idp.pool.LDAP.validateDN:}"
validateFilter="%{idp.pool.LDAP.validateFilter:(objectClass=*)}"
expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"/>
<!--
<Column columnName="mail" attributeID="mail" />
<Column columnName="sn" attributeID="sn" />
<Column columnName="ou" attributeID="ou" />
<Column columnName="givenName" attributeID="givenName" />
<Column columnName="displayName" attributeID="displayName" />
<Column columnName="eduPersonAssurance" attributeID="eduPersonAssurance" />
<Column columnName="eduPersonOrcid" attributeID="eduPersonOrcid" />
<Column columnName="sn;lang-ja" attributeID="jasn" />
<Column columnName="givenName;lang-ja" attributeID="jaGivenName" />
<Column columnName="displayName;lang-ja" attributeID="jaDisplayName" />
<Column columnName="ou;lang-ja" attributeID="jaou" />
-->
</DataConnector>
<!-- -->
|
...
ComputedIdやStoredIdのコネクタも同様ですが、sourceAttributeやsaltは saml-nameid.properties ファイルや credentials/secrets.properties を参照するようになっていますので、そちらで設定してください。また、直上の %{idp.persistentId.sourceAttribute} という疑似属性定義も有効化することを忘れないでください。 を参照するようになっていますので、そちらで設定してください。
その他詳細はテンプレートファイル中のコメントをご参照ください。
...