shibboleth: resolving attributes based on multiple LDAP attributes - shibboleth

Using Shibboleth, is it possible to configure attribute-resolver.xml to set and release an attribute based on the existence of multiple LDAP attributes? For example, I want to release an "email" attribute to the service provider: if LDAP has an attribute and value for "email_2" then use that value ... otherwise use the value in LDAP attribute "email".

I got it hashed out using an embedded script ....
<resolver:AttributeDefinition id="setEmail" xsi:type="ad:Script" dependencyOnly="true">
    <resolver:Dependency ref="myLDAP" />
    <ad:Script><![CDATA[
        importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
        // Attribute that will carry the selected address
        setEmail = new BasicAttribute("setEmail");
        // Prefer alt_email when the LDAP connector returned it, otherwise fall back to email
        if (typeof alt_email != "undefined" && alt_email != null) {
            setEmail.getValues().add(alt_email.getValues().get(0));
        } else {
            setEmail.getValues().add(email.getValues().get(0));
        }
    ]]></ad:Script>
</resolver:AttributeDefinition>
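
The fallback in the script above, as an added example in plain JavaScript (not part of the original answer and not IdP configuration). It also covers the cases where alt_email is present but carries no usable value, or where neither attribute was returned, so that nothing is produced instead of the script failing. makeAttr, pickFirstValue, resolveSetEmail and the sample entries are constructed for illustration.

```javascript
// makeAttr() is a constructed stand-in for a resolved attribute object;
// it exposes only getValues().size() and getValues().get(i).
function makeAttr(values) {
  const list = { size: () => values.length, get: (i) => values[i] };
  return { getValues: () => list };
}

// Return the first non-blank value found in the named source attributes,
// tried in priority order, or null when none of them carries a usable value.
function pickFirstValue(resolved, sourceIds) {
  for (const id of sourceIds) {
    const attr = resolved[id];
    if (attr === undefined || attr === null) continue; // directory returned no such attribute
    const values = attr.getValues();
    for (let i = 0; i < values.size(); i++) {
      const v = values.get(i);
      if (v !== null && v !== undefined && String(v).trim() !== "") {
        return String(v).trim();
      }
    }
  }
  return null;
}

// Value list for "setEmail": exactly one value, or empty so nothing is released.
function resolveSetEmail(resolved) {
  const value = pickFirstValue(resolved, ["alt_email", "email"]);
  return value === null ? [] : [value];
}

// Constructed sample directory entries.
const samples = {
  both: { alt_email: makeAttr(["alt@example.org"]), email: makeAttr(["main@example.org"]) },
  onlyPrimary: { email: makeAttr(["main@example.org"]) },
  emptyAlt: { alt_email: makeAttr([]), email: makeAttr(["main@example.org"]) },
  blankAlt: { alt_email: makeAttr(["  "]), email: makeAttr(["main@example.org"]) },
  neither: {},
};

for (const [name, entry] of Object.entries(samples)) {
  console.log(name, JSON.stringify(resolveSetEmail(entry)));
}
```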

Related

Elasticsearch's NEST API does not return query results while the same query is successful when submitting by POSTMAN

The following code snippet is a MoreLikeThis query built using NEST API:
private class Temp
{
    public string Content { get; set; }
    public string TextToSearch { get; set; }
}

var temp = new Temp
{
    TextToSearch = "empire",
};

var response = await model.ElasticClient.SearchAsync<Temp>(s => s
    .Query(q => q
        .MoreLikeThis(qd => qd
            .Like(l => l.Text(temp.TextToSearch))
            .MinTermFrequency(1)
            .MinDocumentFrequency(1)
            .Fields(fd => fd.Fields(r => r.Content)))));
After executing this code snippet response.Documents did not return any records. But when the following JSON payload is POSTed by POSTMAN, the results are received successfully:
{"query":{"more_like_this":{"fields":["content"],"like":["advanced technology"],"min_doc_freq":1,"min_term_freq":1}}}
This payload is generated by the C# code snippet above when enabling audit trail. While the credentials are passed properly in both cases, why does NEST API version 6.5.0 not receive documents from the Elasticsearch instance?
Is there a bug in the library, or are we missing a point?
Besides the TextToSearch being "empire" in the C# example and "advanced technology" in the JSON query DSL example, I strongly suspect that the issue here is that of the index and type being targeted in the NEST case.
When no index and type are provided in the API call:
For index,
  1. Will look to see if there is a default index to use for Temp type configured with DefaultMappingFor<T> on ConnectionSettings
  2. If no default index for Temp, will use the DefaultIndex configured on ConnectionSettings
  3. If no default index is configured on ConnectionSettings, the API call will not be made and NEST will throw an exception to indicate that it does not have enough information to make the API call.
For type,
  1. Will look to see if there is a default type name to use for Temp type configured with DefaultMappingFor<T> on ConnectionSettings
  2. Will look to see if a type name convention is configured using DefaultTypeNameInferrer on ConnectionSettings. If none is configured, or the delegate it is configured with returns null or "" for a given type, then will continue
  3. Will look to see if a default type name is specified with DefaultTypeName on ConnectionSettings. If none is specified, a type name will be inferred for a POCO type by lowercasing the type name. For Temp, this will be temp.
So, assuming you have a default index configured and no convention for type names, the request URI for your NEST example will be
<configured uri>/<default index>/temp/_search
which probably does not match what you are using in Postman.
Check out the documentation to see more details about Index name inference and Type name inference.
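
The index and type inference order listed in the answer above, as an added example that models those rules in JavaScript (it is not NEST code and not part of the original answer). The settings object and its field names are hypothetical stand-ins for the ConnectionSettings options named in the answer, and the sample settings are constructed.

```javascript
// Look up the per-type mapping (stand-in for DefaultMappingFor<T>).
function mappingFor(settings, clrType) {
  return (settings.defaultMappingFor || {})[clrType] || {};
}

// Index: per-type default, then DefaultIndex, otherwise the call cannot be made.
function inferIndex(settings, clrType) {
  const mapping = mappingFor(settings, clrType);
  if (mapping.indexName) return mapping.indexName;
  if (settings.defaultIndex) return settings.defaultIndex;
  throw new Error("no index could be inferred for " + clrType);
}

// Type: per-type default, then the inferrer delegate (null or "" falls through),
// then DefaultTypeName, and finally the lowercased POCO type name.
function inferTypeName(settings, clrType) {
  const mapping = mappingFor(settings, clrType);
  if (mapping.typeName) return mapping.typeName;
  if (typeof settings.defaultTypeNameInferrer === "function") {
    const inferred = settings.defaultTypeNameInferrer(clrType);
    if (inferred) return inferred;
  }
  if (settings.defaultTypeName) return settings.defaultTypeName;
  return clrType.toLowerCase();
}

// Request path the search would target when no index or type is given on the call.
function searchPath(settings, clrType) {
  return "/" + inferIndex(settings, clrType) + "/" + inferTypeName(settings, clrType) + "/_search";
}

// Constructed settings: only a default index, as assumed in the answer.
const onlyDefaultIndex = { defaultIndex: "articles" };
// Constructed settings: explicit per-type mapping for Temp.
const explicitMapping = {
  defaultIndex: "articles",
  defaultMappingFor: { Temp: { indexName: "docs", typeName: "doc" } },
};

console.log(searchPath(onlyDefaultIndex, "Temp"));  // /articles/temp/_search
console.log(searchPath(explicitMapping, "Temp"));   // /docs/doc/_search
```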

Nativescript Plugin for Caching

Is there an actively maintained NativeScript plugin for data caching?
Like nativescript-cache, but sadly this plugin is now inactive.
You can use the NativeScript core module application-settings. It does exactly the same as the nativescript-cache plugin.
import {
    getBoolean,
    setBoolean,
    getNumber,
    setNumber,
    getString,
    setString,
    hasKey,
    remove,
    clear
} from "application-settings";
Set and get boolean value and provide default value in case it is not set
setBoolean("isTurnedOn", true);
this.isTurnedOn = getBoolean("isTurnedOn", true);
Set and get string value
setString("username", "Wolfgang");
this.username = getString("username");
Set and get numeric value.
setNumber("locationX", 54.321);
this.locationX = parseFloat(getNumber("locationX").toFixed(3));
Reading values that are not set before while providing default value
// will return "No string value" if there is no value for "noSuchKey"
this.someKey = getString("noSuchKey", "No string value");
For more information you can refer to the NativeScript docs: https://docs.nativescript.org/angular/code-samples/application-settings

Spring's LdapTemplate search: PartialResultException: Unprocessed Continuation Reference(s); remaining name '/'

I add users through LDAP for a certain application, made with spring.
While this works for most of the cases, in some cases, it does not work...
To retrieve the users I use:
public class LdapUserServiceImpl implements ILdapUserService {

    @Override
    public List<LdapUserVO> getUserNamesByQuery(String query) {
        // query() is the static LdapQueryBuilder.query() from spring-ldap
        return ldapTemplate.search(
            query().countLimit(15)
                .where("objectClass").is("user")
                .and("sAMAccountName").isPresent()
                .and(query()
                    .where("sAMAccountName").like("*" + query + "*")
                    .or("sAMAccountName").is(query)
                    .or("displayName").like("*" + query + "*")
                    .or("displayName").is(query)),
            new AttributesMapper<LdapUserVO>() {
                // Copy the user name and display name of each hit into a value object
                public LdapUserVO mapFromAttributes(Attributes attrs) throws NamingException {
                    LdapUserVO ldapUser = new LdapUserVO();
                    Attribute attr = attrs.get(ldapUserSearch);
                    if (attr != null && attr.get() != null) {
                        ldapUser.setUserName(attr.get().toString());
                    }
                    attr = attrs.get("displayName");
                    if (attr != null && attr.get() != null) {
                        ldapUser.setDisplayName(attr.get().toString());
                    }
                    return ldapUser;
                }
            });
    }
}
So this works in most of the cases, but sometimes I get the following error:
unprocessed continuation reference(s); remaining name "/"
I've searched a lot about this, and I explicitly set
DefaultSpringSecurityContextSource ctxSrc = new DefaultSpringSecurityContextSource(ldapUrl);
ctxSrc.setReferral("follow");
Some more info:
Search-query "admin_a" works, but "admin_ah" does not
Spring version is 4.2.5.RELEASE
Spring ldap-core version is 2.0.2.RELEASE
I think it is strange that the remaining name is the root directory... Does someone have any ideas how to fix this, or even where to start looking?
Thanks in advance!
This may be related with the Active Directory being unable to handle referrals automatically. Please take a look at the LdapTemplate javadoc.
If this is the case, set the ignorePartialResultException property to true in your ldapTemplate configuration.
The reason for this error in my case was that the structure of the new AD had changed (userPrincipalName was now the email address instead of the login). Because of this, the authentication to the AD worked fine, but no entry could be found that matched the filter, and as such it didn't return any result.
So the PartialResultException was only an indication, not the reason. The reason is the lack of any result in the method searchForSingleEntryInternal of the SpringSecurityLdapTemplate class.
In my case, I had to make sure I used the correct userPrincipalName and configure the correct domain and baseDN in my ActiveDirectoryLdapAuthenticationProvider.

Grails Spring LDAP Security multiple domain use case

I have several DCs in my LDAP (like DC=Ny, DC=Oh) and would like to authenticate the user from LDAP through the Grails Spring LDAP plugin.
Initially I used the following parameters in the config.groovy file and was able to authenticate the users from New York, but now I have to authenticate the users from both New York and Ohio.
// Added by the Spring Security Core plugin:
grails.plugins.springsecurity.userLookup.userDomainClassName = 'com.test.SecUser'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'com.test.SecUserSecRole'
grails.plugins.springsecurity.authority.className = 'com.test.SecRole'
// LDAP config
grails.plugins.springsecurity.ldap.context.managerDn = 'CN=P8,OU=P8,OU=Weblogic,OU=PR,OU=Groups - Application,DC=NY,DC=GWL,DC=com'
grails.plugins.springsecurity.ldap.context.managerPassword = 'test'
grails.plugins.springsecurity.ldap.context.server = 'ldap://NY.GWL.com:389/'
grails.plugins.springsecurity.ldap.authorities.ignorePartialResultException = true // typically needed for Active Directory
grails.plugins.springsecurity.ldap.search.base = 'DC=NY,DC=GWL,DC=com'
grails.plugins.springsecurity.ldap.search.filter="sAMAccountName={0}" // for Active Directory you need this
grails.plugins.springsecurity.ldap.search.searchSubtree = true
grails.plugins.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugins.springsecurity.ldap.search.attributesToReturn = ['mail', 'displayName'] // extra attributes you want returned; see below for custom classes that access this data
grails.plugins.springsecurity.providerNames = ['ldapAuthProvider', 'anonymousAuthenticationProvider'] // specify this when you want to skip attempting to load from db and only use LDAP
What kind of changes need to be made in the groovy.config file, or do I need to make any code changes?
Any help on this will be really appreciated.
Thanks

How to access Endeca keyword redirect results in the JSP layer with ATG?

I'm working on a web application with Oracle ATG 10.1.2 and Endeca 3.1.1 (without Endeca Experience Manager), and am trying to get keyword redirect functionality to work.
Ultimately, what I'm trying to accomplish is to get access to the keyword redirect information returned from Endeca (if there was any) in my JSP layer, so I can redirect the user to the keyword redirect URL, and/or display that URL as part of the rendered page.
To get results from Endeca, we are using the /services/guidedsearch packaged service (as described on p51 of the Assembler Application Developer's Guide (v3.1.1)).
If I use my browser to directly access the raw Guided Search output from the Endeca MDEX server, I can see my guided search entry and URL in the endeca:redirect property in the returned XML. I can also see the guided search entry with no problem in the Endeca JSP Reference Application ("orange app").
However, when I use the ATG InvokeAssembler droplet to get results from Endeca, the endeca:redirect entry doesn't seem to be included in the response. The ContentItem map that gets returned only has the following keys:
@type, name, navigation, breadcrumbs, resultsList, searchAdjustments, zones, endeca:siteRootPath, endeca:contentPath
There's no endeca:redirect key like I can see in the raw /services/guidedsearch XML output.
Here's the relevant snippet of my JSP code:
<dsp:droplet name="/atg/endeca/assembler/droplet/InvokeAssembler">
    <dsp:param name="includePath" value="/services/guidedsearch" />
    <dsp:oparam name="output">
        <dsp:getvalueof param="contentItem" var="contentItem" vartype="com.endeca.infront.assembler.ContentItem" />
    </dsp:oparam>
</dsp:droplet>
How can I access the keyword redirect information returned from Endeca?
You could also develop your own RedirectAwareHandler and simply extract the redirect from the SupplementList.
public ContentItem process(ContentItem pContentItem) throws CartridgeHandlerException {
    ENEQueryResults executeMdexRequest = executeMdexRequest(mMdexRequest);
    Object redirectURL = null;
    if (executeMdexRequest.getNavigation() != null && executeMdexRequest.getNavigation().getSupplements() != null) {
        SupplementList supplements = executeMdexRequest.getNavigation().getSupplements();
        Supplement supplement = null;
        // Take the first supplement that carries a keyword redirect URL
        for (Object object : supplements) {
            if (object instanceof Supplement) {
                supplement = (Supplement) object;
                if (supplement.getProperties() != null) {
                    redirectURL = supplement.getProperties().get("DGraph.KeywordRedirectUrl");
                    if (redirectURL != null) {
                        break;
                    }
                }
            }
        }
    }
    // And now do your redirect
    return pContentItem;
}
According to Oracle Support doc 1530390.1, the problem is that in ATG 10.1.2, the InvokeAssembler droplet is internally coded to use an Endeca ContentInclude object (which doesn't support keyword redirects), instead of using RedirectAwareContentIncludeHandler (which does).
Per that knowledge document, Hotfix p16099140 can be requested from Oracle Support to address this.
