[higgins-dev] JNDI Provider w/ select mapping PDPs

I'm now ready to check in the JNDI CP w/ select mapping PDPs.  This will require configuration file changes for most who are using it.  There will no longer be any hard coded mappings for CardSpace or any other system within the JNDI CP.  These mappings will now be specified within the JNDI CP configuration file using JavaScript.  I will check this in tomorrow evening if there are no complaints or issues.

I will be including this on the JNDI CP documentation page but here's a description and sample of the 8 PDPs I've added.  There are consumer and provider counterparts defined for each of 4 different mappings supported:

1. Subject ID Mapping

a. consumerSubjectIDToProvider
Here's an example of how an IdAS consumer style subject ID might be mapped to a JNDI provider style subject ID:
<JSPolicyAction id="consumerSubjectIDToProvider" evalType="javascript">  <![CDATA[
	RESULT = "cn=" + PARAM + ",ou=people,dc=wag,dc=bandit-project,dc=org"
	]]>
</JSPolicyAction>

b. providerSubjectIDToConsumer
Here's an example of how a JNDI provider style subject ID would be symmetrically mapped back to an IdAS consumer style subject ID based on the example above:
<JSPolicyAction id="providerSubjectIDToConsumer" evalType="javascript">
	<SCRIPT LANGUAGE="javascript">  <![CDATA[
		var re = new RegExp("^cn=(.*),ou=people,dc=wag,dc=bandit-project,dc=org$", "i");
		RESULT = String(PARAM.toString()).replace(re, "$1");
		]]>
	</SCRIPT>
</JSPolicyAction>

2. Digital Subject Type Mapping

a. consumerDSTypeToProvider
Here's an example of how an IdAS consumer style Digital Subject Type might be mapped to a JNDI provider style Digital Subject Type:
<JSPolicyAction id="consumerDSTypeToProvider" evalType="javascript">
	<SCRIPT LANGUAGE="javascript">  <![CDATA[
		var re = new RegExp("^http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#class_", "i");
		RESULT = String(PARAM.toString()).replace(re, "");
		]]>
	</SCRIPT>
</JSPolicyAction>

b. providerDSTypeToConsumer
Here's an example of how a JNDI provider style Digital Subject Type would be symmetrically mapped back to an IdAS consumer style Digital Subject Type based on the example above:
<JSPolicyAction id="providerDSTypeToConsumer" evalType="javascript"> 
	<SCRIPT LANGUAGE="javascript">  <![CDATA[
		RESULT = "http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#class_"+String(PARAM.toString());
		]]>
	</SCRIPT>
</JSPolicyAction>

3. Attribute Type Mapping

a. Type Mapping Table
Here's an example of an attribute mapping table that could be used to map CardSpace claim types to JNDI provider attribute types:
<SCRIPT LANGUAGE="javascript"> <![CDATA[
	 var multimap = {
		consumer: [],
		provider: []
		};

	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"] =
		["givenname", "2.5.4.42"];
	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"] =
		["sn", "surname", "2.5.4.4"];
	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"] =
		["mail", "email", "emailaddress", "internetaddress", 
		 "1.2.840.113549.1.9.1", "rfc822mailbox", "0.9.2342.19200300.100.1.3"];
	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress"] =
		["street", "streetaddress", "2.5.4.9"];
	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality"] =
		["localityName", "2.5.4.7"];
	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince"] =
		["st", "stateprovincename", "2.5.4.8"];
	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode"] =
		["postalcode", "2.5.4.17"];
	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country"] =
		["countryname", "2.5.4.6"];
	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone"] =
		["homephone", "telephonenumber", "2.5.4.20"];
	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone"] =
		["otherphone"];
	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone"] =
		["mobilephone"];
	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth"] =
		["dateofbirth"];
	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender"] =
		["gender"];
	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"] =
		["guid", "privatepersonalidentifier"];
	multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/groupmembership"] =
		["groupmembership"];

	for (elem in multimap.consumer)
	{
		for (provider in multimap.consumer[elem])
			multimap.provider[multimap.consumer[elem][provider]] = elem;
	}
	]]>
</SCRIPT>

b. consumerTypeToProvider
Here's an example of how an IdAS consumer attribute type might be mapped to a JNDI provider attribute type:
<JSPolicyAction id="consumerTypeToProvider" evalType="javascript"> <![CDATA[
	map = multimap.consumer[String(PARAM.toString())];
	if (!map)
	{
		var re = new RegExp("^http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_", "i");
		map = String(PARAM.toString()).replace(re, "");
	}
	RESULT = map;
	]]>
</JSPolicyAction>

c. providerTypeToConsumer
Here's an example of how a JNDI provider attribute type would be symmetrically mapped to an IdAS consumer attribute type based on the example above:  
<JSPolicyAction id="providerTypeToConsumer" evalType="javascript">  <![CDATA[
	map = multimap.provider[String(PARAM.toString())];
	if (!map)
		map = "http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_" + PARAM.toString();
	RESULT = map;
	]]>
</JSPolicyAction>

4. Attribute Value Mapping
No examples yet, but one of the main purposes with these will be to transform subject IDs in attribute values.

a. consumerValueToProvider

b. providerValueToConsumer

Tom
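
Added example for the subject ID mapping in section 1 (not part of the original post or the Higgins code): the sample in 1a concatenates PARAM into the DN as-is, so a consumer ID containing `,` or `+` changes the structure of the resulting name. The version below escapes the value per RFC 4514 and refuses to map back any DN whose leading part is more than one `cn=` value; the standalone function form and the `null` return are assumptions.

```javascript
// Added example: standalone functions, not the JNDI CP's PDP interface.
// The suffix comes from the sample configuration in the post.
const SUFFIX = ",ou=people,dc=wag,dc=bandit-project,dc=org";
const DN_RE = /^cn=([\s\S]*),ou=people,dc=wag,dc=bandit-project,dc=org$/i;

// Escape an attribute value for use inside a DN (RFC 4514, section 2.4).
function escapeDnValue(value) {
  let out = "";
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    const edge = (i === 0 && (ch === " " || ch === "#")) ||
                 (i === value.length - 1 && ch === " ");
    if (ch === "\0") out += "\\00";
    else if (edge || '"+,;<>\\'.includes(ch)) out += "\\" + ch;
    else out += ch;
  }
  return out;
}

// Reverse escapeDnValue. Hex pairs are decoded one byte at a time, which is
// enough for the \00 emitted above but not for multi-byte UTF-8 sequences.
function unescapeDnValue(escaped) {
  return escaped.replace(/\\([0-9a-fA-F]{2})|\\([\s\S])/g, (m, hex, ch) =>
    hex !== undefined ? String.fromCharCode(parseInt(hex, 16)) : ch);
}

function consumerSubjectIDToProvider(param) {
  return "cn=" + escapeDnValue(String(param)) + SUFFIX;
}

// Returns null (an assumption; the post's regex passes non-matching DNs
// through unchanged) when the DN is not a single cn= value under the suffix.
function providerSubjectIDToConsumer(param) {
  const m = DN_RE.exec(String(param));
  if (!m) return null;
  // A ',' or '+' preceded by an even number of backslashes is unescaped,
  // so the captured text spans more than one RDN or attribute.
  if (/(^|[^\\])(\\\\)*[,+]/.test(m[1])) return null;
  return unescapeDnValue(m[1]);
}
```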
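
Added example for the attribute type mapping in section 3 (not part of the original post or the Higgins code): the table there stores its entries as properties of arrays, so a lookup for a name such as `constructor` finds an inherited property instead of falling through to the prefix rule, and the reverse lookup is case-sensitive although LDAP attribute names are not. The version below keeps a three-entry subset of the table in `Map` objects with lowercased provider keys; the function names mirror the PDP ids, and raising an error on an ambiguous provider name is an assumption.

```javascript
// Added example: a subset of the post's table, held in Maps so that lookups
// never reach inherited properties such as "constructor" or "length".
const CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/";
const LDAP_ATTR =
  "http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_";

const consumerToProvider = new Map([
  [CLAIMS + "givenname", ["givenname", "2.5.4.42"]],
  [CLAIMS + "surname", ["sn", "surname", "2.5.4.4"]],
  [CLAIMS + "locality", ["localityName", "2.5.4.7"]],
]);

// Build the reverse table. LDAP attribute names are case-insensitive, so keys
// are lowercased; a provider name listed under two consumer types is an error.
function buildProviderToConsumer(forward) {
  const reverse = new Map();
  for (const [claim, names] of forward) {
    for (const name of names) {
      const key = name.toLowerCase();
      if (reverse.has(key) && reverse.get(key) !== claim) {
        throw new Error("ambiguous provider attribute: " + name);
      }
      reverse.set(key, claim);
    }
  }
  return reverse;
}
const providerToConsumer = buildProviderToConsumer(consumerToProvider);

function consumerTypeToProvider(param) {
  const type = String(param);
  if (consumerToProvider.has(type)) return consumerToProvider.get(type);
  // Fallback from the post: strip the Higgins LDAP attribute prefix.
  return type.toLowerCase().startsWith(LDAP_ATTR.toLowerCase())
    ? type.slice(LDAP_ATTR.length)
    : type;
}

function providerTypeToConsumer(param) {
  const name = String(param);
  // Fallback from the post: prepend the Higgins LDAP attribute prefix.
  return providerToConsumer.get(name.toLowerCase()) || LDAP_ATTR + name;
}
```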


