From: Sander A. <sa....@fz...> - 2022-12-14 15:16:44
Dear Krzysztof,

being more precise. We have some entitlements coming from the upstream IdPs as eduPersonEntitlement and stored as eduPersonEntitlement-external. Then we have some other information like group membership information, expressed according to AARC guideline, stored in eduPersonEntitlement-internal. In output translation profiles for SAML and OAuth we are merging those two values. And we would need to do the same for SCIM to release the entitlements there as well. During my tests I was not able to combine the two attributes here.

Best regards,
Sander

On Wed, 2022-12-14 at 15:49 +0100, Krzysztof Benedyczak wrote:
> On 14.12.2022 at 15:47, Krzysztof Benedyczak wrote:
> > Dear Sander,
> >
> > On 13.12.2022 at 09:35, Sander Apweiler wrote:
> > > Dear Krzysztof,
> > > we are using attribute statements to create some attributes. One of
> > > them is the internal entitlements, where we express group
> > > membership information in a specific format. When we started to
> > > configure the SCIM API, we encountered that we can release here only
> > > single attributes but cannot merge two attributes like we did in
> > > SAML/OAuth output translation profiles. For this reason we created
> > > another attribute statement, which merges external and internal
> > > entitlements. Sadly this only works for the external entitlements, but
> > > not for the internals (created by attribute statements). So my
> > > question is, can I use attributes which were created by an attribute
> > > statement within another attribute statement?
> >
> > To answer the specific question: yes, an attribute statement
> > generating a dynamic can use a dynamic attribute generated by another
> > attribute statement, however only in another group (i.e. such other
> > dynamic attribute can be only accessed using the eattr variable).
> >
> > Regarding your specific problem, let me ensure that I understand it
> > completely.
> >
> > So you have internalEntitlements dynamic attribute and a regular
> > attribute with externalEntitlements. Now you want to output over SCIM
> > API an attribute which will have a union of values of
> > internalEntitlements and externalEntitlements?
>
> Maybe an additional explanation: I'm asking, as I think that the above
> case is supported in SCIM configuration, and so I guess your scenario is
> more complex.
>
>

--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...