As part of the SSO plugin, you may configure a mapping of SSO attributes (typically Shibboleth) to easydb variables:
Attribute Mapping
Mapping of SSO attributes to easydb server variables:
In yml-files created by Programmfabrik we use an indentation of 2 spaces per ⇨.
Name of yaml element: | Type: | Required: | Default: | Description: |
---|---|---|---|---|
sso | Hierarchy | no | | Contains the SSO definitions for Shibboleth / Kerberos |
⇨environment | Hierarchy | no | | Contains the environment definitions |
⇨⇨mapping | Hierarchy | no | | Contains the mapping definitions |
⇨⇨⇨<a_name> | Hierarchy | no | | Is a name defined by the user for the explicit mapping (must be replaced with a useful name for the mapping) |
⇨⇨⇨⇨attr | String | no | | Contains the attribute name which should be mapped |
⇨⇨⇨⇨input_separator | String | no | | When set, the attribute is split by this separator and the regular expressions are applied to each value (version 5.77 and above) |
⇨⇨⇨⇨output_separator | String | no | , | Multiple values (when split by input_separator) are joined using this value (version 5.77 and above) |
⇨⇨⇨⇨regex_match | String | no | | Contains a regex which should match a specific attribute content |
⇨⇨⇨⇨regex_replace | String | no | | Contains characters which should be placed instead of the matched characters in regex_match |
⇨⇨⇨⇨regex_skip_unmatching | Boolean | no | False | When true, values not matching regex_match are dropped (version 5.77 and above) |
⇨⇨⇨⇨regex_ignore_case | Boolean | no | False | When true, the case is ignored for regex_match (version 5.77 and above) |
⇨⇨user | Hierarchy | no | | Contains the definition for the attribute mapping into easydb |
⇨⇨⇨login | String | no | %(eppn)s | Format to be used for login field |
⇨⇨⇨displayname | String | no | %(displayName)s | Format to be used for display name field |
⇨⇨⇨email | String | no | | Format to be used for email address |
⇨⇨⇨address_supplement | String | no | | Format string. The target fields are the same as in the User API, see there for more information. |
⇨⇨⇨company | String | no | | Format string. |
⇨⇨⇨country | String | no | | Format string. |
⇨⇨⇨department | String | no | | Format string. |
⇨⇨⇨first_name | String | no | | Format string. |
⇨⇨⇨last_name | String | no | | Format string. |
⇨⇨⇨house_number | String | no | | Format string. |
⇨⇨⇨phone | String | no | | Format string. |
⇨⇨⇨postal_code | String | no | | Format string. |
⇨⇨⇨reference | String | no | | Format string. |
⇨⇨⇨remarks | String | no | | Format string. |
⇨⇨⇨street | String | no | | Format string. |
⇨⇨⇨town | String | no | | Format string. |
⇨⇨group | List | no | | |
⇨⇨⇨attr | String | no | | Attribute which contains the group names |
⇨⇨⇨divider | String | no | | Contains the character which should be used to divide the list of groups |
⇨auth_method | Hierarchy | no | | |
⇨⇨client | Hierarchy | no | | |
⇨⇨⇨login | Hierarchy | no | | Contains the definition for the easydb-webfrontend |
⇨⇨⇨⇨visible | Bool | no | | Defines if the sso-login button should be visible at login |
⇨⇨⇨⇨window_open | String | no | | |
⇨⇨⇨⇨show_errors | Bool | no | | Allows users to see errors during SSO-login |
⇨⇨⇨logout | Hierarchy | no | | |
⇨⇨⇨⇨url | String | no | | Contains the url for the logout process |
⇨⇨⇨⇨window_open | String | no | | |
Configuration example:
```yaml
sso:
  environment:
    mapping:
      modified_login:
        attr: REMOTE_USER
        regex_match: '@.*$'
        regex_replace: ''
    user:
      login: "%(modified_login)s"
      displayname: "%(cn)s"
      email: "%(mail)s"
    groups:
      - attr: affiliation
        divider: ';'
```
For more examples see Shibboleth.
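
The following is an added example, not easydb's own code: a small Python model of the mapping options in the table, run against the configuration example above, which also flags the case where stripping the scope with `'@.*$'` reduces two different `REMOTE_USER` values to the same login. It assumes Python `re` semantics for `regex_match` / `regex_replace`; the function names and the sample attributes are constructed for illustration.

```python
import re
from collections import defaultdict

# Mapping taken from the configuration example on this page.
CONFIG = {
    "mapping": {"modified_login": {"attr": "REMOTE_USER",
                                   "regex_match": "@.*$", "regex_replace": ""}},
    "user": {"login": "%(modified_login)s", "displayname": "%(cn)s",
             "email": "%(mail)s"},
}

def apply_mapping(rule, env):
    """Model of one mapping entry as the table describes it (assumed semantics)."""
    raw = env.get(rule["attr"], "")
    sep = rule.get("input_separator")
    values = raw.split(sep) if sep else [raw]
    flags = re.IGNORECASE if rule.get("regex_ignore_case", False) else 0
    pattern = rule.get("regex_match")
    out = []
    for value in values:
        if pattern is not None:
            if re.search(pattern, value, flags):
                value = re.sub(pattern, rule.get("regex_replace", ""), value, flags=flags)
            elif rule.get("regex_skip_unmatching", False):
                continue  # value does not match and is dropped
        out.append(value)
    return rule.get("output_separator", ",").join(out)

def build_user(config, env):
    """Resolve the mapping variables, then fill the user format strings."""
    variables = dict(env)
    for name, rule in config["mapping"].items():
        variables[name] = apply_mapping(rule, env)
    return {field: fmt % variables for field, fmt in config["user"].items()}

def colliding_logins(config, envs):
    """Return logins that more than one distinct REMOTE_USER maps to."""
    seen = defaultdict(set)
    for env in envs:
        seen[build_user(config, env)["login"]].add(env["REMOTE_USER"])
    return {login: sorted(ids) for login, ids in seen.items() if len(ids) > 1}

# Constructed sample attributes, as two identity providers might deliver them.
SAMPLE_ENVS = [
    {"REMOTE_USER": "alice@example.org", "cn": "Alice A.", "mail": "alice@example.org"},
    {"REMOTE_USER": "alice@partner.example", "cn": "Alice P.", "mail": "alice@partner.example"},
    {"REMOTE_USER": "bob@example.org", "cn": "Bob", "mail": "bob@example.org"},
]

if __name__ == "__main__":
    print(colliding_logins(CONFIG, SAMPLE_ENVS))
```

If more than one scope can reach the SSO endpoint, anchoring `regex_match` to the expected scope and setting `regex_skip_unmatching` keeps identifiers from other scopes from producing a login value at all.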