Unicon/wso2-static-attributes-injector

Name: wso2-static-attributes-injector

Owner: Unicon, Inc.

Description: Extends UserStoreManagers to support injecting static attributes into user property responses.

Created: 2016-10-13 20:08:19.0

Updated: 2016-10-13 20:40:23.0

Pushed: 2016-10-13 21:26:01.0

Size: 14

Language: Java

README

WSO2 Static Attributes Injector

The WSO2 Static Attributes Injector addresses a shortcoming in WSO2 Identity Server (IS): it can't support hardcoded (i.e. static) attributes that apply to all users. This plugin allows an IS server admin to specify user properties (attributes) and values that will be applied to all users. This can be handy when a service provider needs organization-specific information.

This plugin is designed to work with WSO2 Identity Server 4.2/Ellucian Identity Service 1.1.

Installation Instructions

The following steps are needed to apply this plugin:

  1. Build the jar using mvn clean package.
  2. Copy wso2-static-attributes-injector-<VERSION>.jar to <EIS-CARBON_HOME>/repository/components/lib/.
  3. Update <EIS-CARBON_HOME>/repository/conf/user-mgt.xml as described below.
  4. Copy adusmsai.xml to <EIS-CARBON_HOME>/repository/conf/.
  5. Update adusmsai.xml as described below.
  6. Restart the service.

user-mgt.xml Settings

Update user-mgt.xml to utilize the ActiveDirectoryUserStoreManagerStaticAttributeInjector class instead of ActiveDirectoryUserStoreManager by changing:

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">

to:

<UserStoreManager class="net.unicon.carbon.user.ldap.ActiveDirectoryUserStoreManagerStaticAttributeInjector">

adusmsai.xml File Description and Format

adusmsai.xml tells the plugin which attributes and values should be injected into the user profile when IS queries user properties.

The following example provides two attributes (schoolCode and eduPersonAffiliation) and their respective values that all users will receive regardless of what the AD/LDAP server indicates:

<?xml version="1.0" encoding="UTF-8"?>
<staticAttributes>
    <attribute name="schoolCode">
        <value>123456</value>
    </attribute>
    <attribute name="eduPersonAffiliation">
        <value>member</value>
        <value>student</value>
    </attribute>
</staticAttributes>
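
The merge that this file drives, sketched as an added example (not the plugin's own code): it parses the two attributes from the example above with DTDs rejected, then shows a static value replacing the one the directory returned. The class name, the root element name in the constructed sample, the comma join for multiple values, and the sample directory entries are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class StaticAttributesDemo { // hypothetical class, not part of the plugin
    // Constructed sample with the same attributes as the README example.
    static final String SAMPLE = "<staticAttributes>"
        + "<attribute name=\"schoolCode\"><value>123456</value></attribute>"
        + "<attribute name=\"eduPersonAffiliation\">"
        + "<value>member</value><value>student</value></attribute>"
        + "</staticAttributes>";
    // Reads every attribute/value pair; the root element name is not checked.
    static Map<String, String> load(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Reject DTDs so the config file cannot declare external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Map<String, String> out = new LinkedHashMap<>();
        NodeList attrs = doc.getElementsByTagName("attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element a = (Element) attrs.item(i);
            NodeList vals = a.getElementsByTagName("value");
            List<String> values = new ArrayList<>();
            for (int j = 0; j < vals.getLength(); j++) {
                values.add(vals.item(j).getTextContent().trim());
            }
            // Assumption: multiple values are joined with a comma.
            out.put(a.getAttribute("name"), String.join(",", values));
        }
        return out;
    }

    // Static values replace whatever the directory returned for the same name.
    static Map<String, String> inject(Map<String, String> dir, Map<String, String> statics) {
        Map<String, String> merged = new LinkedHashMap<>(dir);
        merged.putAll(statics);
        return merged;
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> dir = new LinkedHashMap<>();
        dir.put("givenName", "Ada");
        dir.put("eduPersonAffiliation", "staff"); // constructed directory value
        System.out.println(inject(dir, load(SAMPLE)));
    }
}
```

Because the static value wins for every user, any attribute listed in adusmsai.xml that a service provider uses for authorization is asserted for all accounts in the user store.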

Other UserStoreManager cases

It should be trivial to clone the ActiveDirectoryUserStoreManagerStaticAttributeInjector class so that its logic can support other UserStoreManager implementations.


This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.