I have upgraded the "Identity Provider" from version 2.2.1 to 2.3.4. In our attribute resolver, some attributes come from LDAP and some come from an Oracle RDBMS.
After the upgrade, the "Identity Provider" no longer resolves the attributes from the RDBMS, with no apparent error; it resolves only the uid attribute from LDAP.
Below is the attribute-resolver.xml that works with the previous configuration.
<?xml version="1.0" encoding="UTF-8"?>
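<!-- Root element of the attribute resolver configuration. It declares the resolver, xsi, pc,
     ad, dc, enc and sec prefixes. Every xsi:schemaLocation hint points at a classpath:
     resource, so the schemas named here are not fetched from a remote location.
     Each namespace name is kept on a single line: a line break inside an attribute value is
     normalized to a space by the parser, which would change the namespace name and stop
     xsi:type from being recognized. -->
<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                            xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
                            xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
                            xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
                            xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder"
                            xmlns:sec="urn:mace:shibboleth:2.0:security"
                            xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
                                                urn:mace:shibboleth:2.0:resolver:pc classpath:/schema/shibboleth-2.0-attribute-resolver-pc.xsd
                                                urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd
                                                urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd
                                                urn:mace:shibboleth:2.0:attribute:encoder classpath:/schema/shibboleth-2.0-attribute-encoder.xsd
                                                urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd">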
<!-- Attribute "CodiceUtente": a Simple definition that reads the source attribute CODPIN from
     its dependencies, the data connectors "regute" and "regsoc", and releases it as a SAML 2
     string attribute named CodiceUtente.
     The default namespace declared on the element is what lets the unprefixed xsi:type value
     "Simple" resolve in the ad namespace.
     NOTE(review): sourceAttributeID is CODPIN in upper case, while the "regute" query aliases
     the column in lower case (codpin). Confirm which case the upgraded IdP uses for the
     attribute IDs it builds from result columns. -->
<resolver:AttributeDefinition id="CodiceUtente"
                              xsi:type="Simple"
                              xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              sourceAttributeID="CODPIN">
  <resolver:Dependency ref="regute"/>
  <resolver:Dependency ref="regsoc"/>
  <resolver:AttributeEncoder xsi:type="SAML2String"
                             xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                             name="CodiceUtente"
                             friendlyName="CodiceUtente"/>
</resolver:AttributeDefinition>
....
Some attribute
....
<!-- Attribute "uid": a Simple definition that reads the source attribute uid from the
     "myLDAP" data connector. It carries two encoders, one for SAML 1 (a urn:mace:dir name)
     and one for SAML 2 (an OID name with friendlyName uid). -->
<resolver:AttributeDefinition xsi:type="Simple"
                              xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              id="uid"
                              sourceAttributeID="uid">
  <resolver:Dependency ref="myLDAP"/>
  <resolver:AttributeEncoder xsi:type="SAML1String"
                             xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                             name="urn:mace:dir:attribute-def:uid"/>
  <resolver:AttributeEncoder xsi:type="SAML2String"
                             xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                             name="urn:oid:0.9.2342.19200300.100.1.1"
                             friendlyName="uid"/>
</resolver:AttributeDefinition>
<!-- ========================================== -->
<!-- Data Connectors -->
<!-- ========================================== -->
<!-- Data connector "regute": a RelationalDatabase connector that runs the query template
     below, with a queryTimeout of PT10.000S, over the container-managed JDBC resource
     java:comp/env/jdbc/ORAIDP. No database credentials appear in this file; the connection
     is defined in the container.
     The query outer-joins i_regute (a) to b_anacas (b) on mat and selects the row whose
     codpin equals the authenticated principal name.
     NOTE(review): $requestContext.principalName is substituted as text inside a quoted SQL
     literal. Confirm that the IdP release in use escapes values inserted into the
     QueryTemplate and that the login handler constrains the characters a principal name may
     contain; without that, a quote character in the principal name would change the statement.
     NOTE(review): the database account behind the resource presumably needs no more than
     SELECT on the two tables and EXECUTE on the functions called here; verify its grants.
     NOTE(review): both terms of flgdicoms call fu_contadnp (b.mat, 1); confirm that the
     second argument is meant to be the same in both calls. -->
<resolver:DataConnector id="regute" xsi:type="dc:RelationalDatabase" queryTimeout="PT10.000S">
<dc:ContainerManagedConnection resourceName="java:comp/env/jdbc/ORAIDP" />
<dc:QueryTemplate>
<![CDATA[
select 'ENTPEN9934' codent,
a.codpin codpin,
a.mat mat,
'Cittadino' ruo,
b.codfis codfis,
decode (a.indemlpec, null, a.indeml, a.indemlpec) indeml,
get_profile (a.codpin) profilo,
cogprf,
nomprf,
sexprf,
titstuprf,
doptitstu,
isc_giorno (b.mat, sysdate) flgisc,
fu_pen (b.mat) flgpen,
decode (fu_contadnp (b.mat, 1) + fu_contadnp (b.mat, 1), 0, 0, 1) flgdicoms,
isc_anno (b.mat, fu_ac_web()) flgiscdic,
fu_anz_cassa (b.mat, sysdate, 1) annanz,
fu_anz_cassa (b.mat, sysdate, 2) gganz,
fu_eta (sysdate, datnas) anneta,
del,
fu_ra(b.mat,fu_ac_web()) flgdicirp,
fu_vaa(b.mat,fu_ac_web()) flgdiciva
from i_regute a, b_anacas b
where b.mat(+) = a.mat and codpin = '$requestContext.principalName'
]]>
</dc:QueryTemplate>
</resolver:DataConnector>
<!-- Data connector "regsoc": a RelationalDatabase connector over the same container-managed
     JDBC resource (java:comp/env/jdbc/ORAIDP). It selects CODPIN, CODSOC (aliased MAT), an
     e-mail column (INDPECRPL when it is not null, otherwise INDEMLRPL) and GET_PROFILE(CODPIN)
     from I_REGSOC for the authenticated principal name.
     NOTE(review): $requestContext.principalName is substituted as text inside a quoted SQL
     literal. Confirm that the IdP release in use escapes values inserted into the
     QueryTemplate; without that, a quote character in the principal name would change the
     statement. -->
<resolver:DataConnector id="regsoc" xsi:type="dc:RelationalDatabase" queryTimeout="PT10.000S">
<dc:ContainerManagedConnection resourceName="java:comp/env/jdbc/ORAIDP" />
<dc:QueryTemplate>
<![CDATA[
select CODPIN ,CODSOC MAT, DECODE(INDPECRPL,NULL,INDEMLRPL,INDPECRPL) INDEML, GET_PROFILE(CODPIN) PROFILO FROM I_REGSOC WHERE CODPIN='$requestContext.principalName'
]]>
</dc:QueryTemplate>
</resolver:DataConnector>
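<!-- Data connector "myLDAP": an LDAPDirectory connector that binds as the configured
     principal and searches under ou=Users,dc=inarcassa,dc=it with the filter template below.
     ldapURL holds a space-separated list of two server URLs. The ldapURL and principal values
     are each kept on one line, because a line break inside an attribute value is normalized
     to a space and would corrupt the URL and the bind DN.
     NOTE(review): both URLs use the ldap:// scheme, so unless StartTLS is enabled elsewhere
     the bind credential and the attribute values cross the network unencrypted; prefer
     ldaps:// or the connector's StartTLS option.
     NOTE(review): the bind DN is cn=Manager, which looks like the directory's administrative
     entry. Attribute lookup only needs read access, so a dedicated read-only service account
     is the safer choice.
     NOTE(review): principalCredential is stored in clear text in this file; restrict the
     file's permissions to the account that runs the IdP and keep the real value out of
     anything that is posted or committed.
     NOTE(review): the principal name is substituted as text into the search filter; confirm
     that the IdP release in use escapes LDAP filter metacharacters in inserted values. -->
<resolver:DataConnector id="myLDAP" xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
                        ldapURL="ldap://xxx.inarcassa.it ldap://xxx.inarcassa.it"
                        baseDN="ou=Users,dc=inarcassa,dc=it"
                        principal="cn=Manager,dc=inarcassa,dc=it"
                        principalCredential="xxxxxx">
<FilterTemplate>
<![CDATA[
(uid=$requestContext.principalName)
]]>
</FilterTemplate>
</resolver:DataConnector>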
<!-- ========================================== -->
<!-- Principal Connectors -->
<!-- ========================================== -->
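<!-- Three principal connectors, all of type pc:Transient, each bound to one NameID format:
     the Shibboleth 1.0 nameIdentifier, the SAML 1.1 unspecified format and the SAML 2.0
     transient format. -->
<resolver:PrincipalConnector id="shibTransient"
                             xsi:type="pc:Transient"
                             nameIDFormat="urn:mace:shibboleth:1.0:nameIdentifier"/>
<resolver:PrincipalConnector id="saml1Unspec"
                             xsi:type="pc:Transient"
                             nameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
<resolver:PrincipalConnector id="saml2Transient"
                             xsi:type="pc:Transient"
                             nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
<!-- The root end tag appears exactly once. Elements placed after it would make the document
     not well-formed, and connector ids must not be declared twice. -->
</resolver:AttributeResolver>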
I can't attach the log, otherwise the moderator cuts my message.
Where's the mistake?
Thanks
Daniele