Francesco Malvezzi francescm

  • Universita' di Modena e Reggio nell'Emilia
  • Italy
francescm / gist:ef5bd3bb52e1328a6485
Created February 4, 2015 08:11
email scripted attribute definition
<resolver:AttributeDefinition id="email" xsi:type="Script" language="groovy" xmlns="urn:mace:shibboleth:2.0:resolver:ad" >
<resolver:Dependency ref="uid" />
<resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
<resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
<ScriptFile>%{idp.home}/script/mail.groovy</ScriptFile>
</resolver:AttributeDefinition>
francescm / gist:57cf3ee5cd335ec7ac9f
Created February 4, 2015 08:14
groovy email script definition
import org.slf4j.*
import net.shibboleth.idp.attribute.*
logger = LoggerFactory.getLogger("org.example.idp.scripted.groovy.email")
values = []
if ( uid && ! uid.getValues().empty )
{
uid.getValues().each() { values.add "${it}@example.org" }
francescm / logback.xml
Created September 20, 2012 11:42
logback configuration file for activemq-5.6.0
<?xml version="1.0" encoding="UTF-8"?>
<!-- For assistance related to logback-translator or configuration -->
<!-- files in general, please contact the logback user mailing list -->
<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
<!-- -->
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration scan="true" debug="true">
francescm / add_cache_size.ldif
Created September 21, 2012 15:46
boost performance in openldap2.4 with cachesize for 200000 entries
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbCacheSize
olcDbCacheSize: 200000
francescm / lsearch.rb
Created May 23, 2013 14:48
jruby ldaptive SASL/EXTERNAL search
require 'java'
require 'logback-core-1.0.9.jar'
require 'logback-classic-1.0.9.jar'
require 'slf4j-api-1.7.4.jar'
require 'ldaptive-1.0.jar'
import 'org.slf4j.Logger'
import 'org.slf4j.LoggerFactory'
import 'ch.qos.logback.classic.LoggerContext'
francescm / jetty.xml
Created June 24, 2013 08:05
jetty.xml with secure web console with ldaptive
<!--
Licensed to the Apache Software Foundation (ASF) under one or more contributor
license agreements. See the NOTICE file distributed with this work for additional
information regarding copyright ownership. The ASF licenses this file to You under
the Apache License, Version 2.0 (the "License"); you may not use this file except in
compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or
agreed to in writing, software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
francescm / jetty.xml snippet
Created June 24, 2013 08:09
highlights diffs from distribution's jetty.xml
<bean id="defaultIdentityService" class="org.eclipse.jetty.security.DefaultIdentityService" />
<bean id="securityLDAPLoginService" class="org.eclipse.jetty.plus.jaas.JAASLoginService">
<property name="name" value="ActiveMQLdapRealm" />
<property name="LoginModuleName" value="jetty-ldap" />
<property name="identityService" ref="defaultIdentityService" />
<property name="roleClassNames" value="org.ldaptive.jaas.LdapRole" />
</bean>
<bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
<logger name="org.ldaptive" additivity="false">
<level value="DEBUG"/>
<appender-ref ref="R" />
<appender-ref ref="stdout" />
</logger>
francescm / login.config
Created June 24, 2013 08:17
jaas login.config to secure activemq web console with ldaptive
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
francescm / add_tls_for_auth.ldif
Created July 10, 2013 09:43
acl to force TLS on authentication only
dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by anonymou
 s auth by dn="cn=admin,dc=example,dc=org" write by * none
-
add: olcAccess
olcAccess: {1}to attrs=userPassword,shadowLastChange by ssf=128 break by pee
 rname.ip="127.0.0.1" break by * none
olcAccess: {2}to attrs=userPassword,shadowLastChange by self write by anonymou