Dependency in Attribute def

Discussion:

David Bantz

2014-08-29 19:27:55 UTC

This

<resolver:AttributeDefinition
id="oktanameid"
xsi:type="Script"
xmlns="urn:mace:shibboleth:2.0:resolver:ad"
sourceAttributeID="UASystemID"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:resolver="urn:mace:shibboleth:2.0:resolver">
<resolver:Dependency ref="myLDAP" />
<resolver:Dependency ref="UASystemID" /> ...

produces the following error (preventing loading of the attribute-resolver):

org.xml.sax.SAXParseException: cvc-identity-constraint.4.3: Key 'AttributeDefinitionAttributeDefinitionDependencyRef' with value 'UASystemID' not found for identity constraint of element 'AttributeResolver'.

but seems unexceptional and closely parallel to other definitions such as this example from the wiki:

https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverScriptAttributeDefinitionExamples#ResolverScriptAttributeDefinitionExamples-GenerateUniqueOpaqueIdentifier :
<resolver:AttributeDefinition xsi:type="Script" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
id="swissEduPersonUniqueID"
sourceAttributeID="uidNumber">

<resolver:Dependency ref="myLDAP" />
<resolver:Dependency ref="uidNumber" /> ...

UASystemID is used successfully in other attribute definitions, like:
<resolver:AttributeDefinition id="uaUsername" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
sourceAttributeID="UASystemID">
<resolver:Dependency ref="myLDAP" /> ...

What did I fumble?

David Bantz
UAlaska IAM

Cantor, Scott

2014-08-29 19:41:03 UTC

Permalink

Post by David Bantz
<resolver:AttributeDefinition
id="uaUsername"xsi:type="Simple"xmlns="urn:mace:shibboleth:2.0:resolver:ad
"
sourceAttributeID="UASystemID">
<resolver:Dependency
ref="myLDAP" /> ...

You're using it in the Dependency element, not just as a
sourceAttributeID. The constraint violated is referring to the Dependency
ref value, not the sourceAttributeID.

It's just catching the mistake before it happens at runtime, you specified
a dependency on a connector or attrbute definition called UASystemUD that
doesn't exist. That's probably a field from a data connector but not the
name of one.

-- Scott

--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org

David Bantz

2014-08-29 22:26:28 UTC

Permalink

Thanks Scott. As often, it seems clear enough once you explain it!

To be explicit, deleting
<resolver:Dependency ref="UASystemID" />
as referring to a non-existing attribute definition, while
retaining the expression of LDAP attribute dependency by
sourceAttributeID="UASystemID
removed the parse error and generated the desired result.

David Bantz
UAlaska IAM

Post by Cantor, Scott

You're using it in the Dependency element, not just as a
sourceAttributeID. The constraint violated is referring to the Dependency
ref value, not the sourceAttributeID.
It's just catching the mistake before it happens at runtime, you specified
a dependency on a connector or attrbute definition called UASystemUD that
doesn't exist. That's probably a field from a data connector but not the
name of one.
-- Scott
--

Continue reading on narkive:

Search results for 'Dependency in Attribute def' (Questions and Answers)

replies

what is inheritance in c lenguage?

started 2007-08-31 09:31:15 UTC

programming & design

replies

How can I understand the numbers below?

started 2006-03-09 04:18:16 UTC

computers & internet

replies

what kind of laptop should i get?