provider exceptions to wildcard attribute maps
Thu, Nov 20, 2008
In the run-up to the 2.0 release, I added some new functionality to the attribute mapping capabilities of the IdP. You can specify a wildcard mapping for all service providers but perhaps you don’t want two or three of them sharing in the fun. Now you can exclude them:
The above snippet from map-providers.xml says the IdP should apply the “urn:mace:dir:attribute-def:eduPersonTargetedID” map to all service providers and the “urn:mace:dir:attribute-def:eduPersonScopedAffiliation-member” map to all service providers except “urn:mace:eduserv.org.uk:athens:federation:uk”. This basically means release eduPersonTargetedID to all service providers and eduPersonScopedAffiliation with a scope of “member” to all service providers except OpenAthens.
Of course, if you want to use exlcusion in multiple maps, you can define the service provider as a variable to make it easier to read: