When the Shibboleth login is enabled, OpenOLAT synchronizes Shibboleth attributes to user properties. The synchronization happens every time a user logs in via Shibboleth.
The mapping of Shibboleth attributes to OpenOLAT user properties is configurable in olat.local.properties. For the mapping of each attribute four values are configurable.
Parameter | Description | Mandatory | Values |
---|---|---|---|
shibboleth.user.mapping.key1.shib | Shibboleth attribute name | yes | |
shibboleth.user.mapping.key1.olat | OpenOLAT user property name | yes | |
shibboleth.user.mapping.key1.handler | Attribute handler | no | DoNothing (default), FirstValue, SchacGender, ... |
shibboleth.user.mapping.key1.delete | Delete or keep user properties if Shibboleth delivers nothing | no | true (default) / false |
The user properties email, first name and last name are mandatory in OpenOLAT, so the configuration for these three properties is simplified. It is sufficient to set the names of the Shibboleth attributes; you don't have to explicitly specify the user properties. The mandatory user properties are never deleted, so there is no corresponding configuration for them.
The possible values for the parameter shibboleth.user.mapping.keyXY.olat are available in OpenOLAT: Administration > Customizing > User Properties. You have to use the "Name" of the user property in the configuration file.
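An added example (not OpenOLAT code) that checks a mapping configuration against the rules above: it applies the defaults from the table, reports missing or malformed parameters, and lists the mappings whose value is kept when Shibboleth delivers nothing. The function names and the sample configuration are constructed for illustration.

```python
PREFIX = "shibboleth.user.mapping."
MANDATORY = ("email", "first.name", "last.name")  # only .shib is required here
FIELDS = {"shib", "olat", "handler", "delete"}

def parse_properties(text):
    """Minimal key=value reader; skips blank lines and '#'/'!' comments."""
    lines = (ln.strip() for ln in text.splitlines())
    pairs = (ln.split("=", 1) for ln in lines if ln and ln[0] not in "#!" and "=" in ln)
    return {k.strip(): v.strip() for k, v in pairs}

def check_mapping(props):
    """Return (effective settings per mapping, list of problems)."""
    groups, problems, effective = {n: {} for n in MANDATORY}, [], {}
    for key, value in props.items():
        if key.startswith(PREFIX):
            name, _, field = key[len(PREFIX):].rpartition(".")
            groups.setdefault(name, {})[field] = value
    for name, f in sorted(groups.items()):
        mandatory = name in MANDATORY
        for extra in sorted(set(f) - FIELDS):
            problems.append(f"{name}: unknown parameter '{extra}'")
        for field in (("shib",) if mandatory else ("shib", "olat")):
            if not f.get(field):
                problems.append(f"{name}: missing mandatory parameter '{field}'")
        delete = f.get("delete", "true")  # table default: true
        if not mandatory and delete not in ("true", "false"):
            problems.append(f"{name}: 'delete' must be true or false, got '{delete}'")
        effective[name] = {
            "handler": f.get("handler", "DoNothing"),  # table default
            # Mandatory properties are never deleted; None marks an invalid value.
            "delete": False if mandatory else {"true": True, "false": False}.get(delete),
        }
    return effective, problems

def kept_when_missing(effective):
    """Mappings whose OpenOLAT value stays when Shibboleth delivers nothing."""
    return sorted(n for n, e in effective.items() if e["delete"] is False)

# Constructed sample: key2 misspells false, last.name is absent.
SAMPLE = """\
shibboleth.user.mapping.email.shib=Shib-InetOrgPerson-mail
shibboleth.user.mapping.first.name.shib=Shib-InetOrgPerson-givenName
shibboleth.user.mapping.key2.shib=Shib-InetOrgPerson-mail
shibboleth.user.mapping.key2.olat=institutionalEmail
shibboleth.user.mapping.key2.delete=flase
shibboleth.user.mapping.key3.shib=Shib-InetOrgPerson-employeeNumber
shibboleth.user.mapping.key3.olat=institutionalUserIdentifier
shibboleth.user.mapping.key3.delete=false
"""
print(*check_mapping(parse_properties(SAMPLE))[1], sep="\n")
```

Reviewing the `kept_when_missing` list is worthwhile for properties that feed authorization or group membership, since with `delete=false` an old value remains on the account after the identity provider stops sending the attribute.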
The attribute handler transforms the delivered Shibboleth attribute value before it is assigned to a user property. For example, the SchacGender handler maps the values 1 and 2 to the values male and female.
DoNothing
This handler does not transform the incoming value in any way.
FirstValue
Shibboleth supports so-called multi-valued attributes. This handler takes the first of the values.
SchacGender
Value Mapping
OpenOLAT can be extended with custom attribute handlers. A custom attribute handler has to implement the interface "org.olat.shibboleth.handler.ShibbolethAttributeHandler". It must also be a Spring @Component. In the configuration file, set the handler value to the Spring component name. Example:

```java
import org.olat.shibboleth.handler.ShibbolethAttributeHandler;
import org.springframework.stereotype.Component;

// The component name ("DoNothing") is the value used for the .handler parameter.
@Component("DoNothing")
class DoNothingHandler implements ShibbolethAttributeHandler {

    // Returns the delivered attribute value unchanged.
    @Override
    public String parse(String shibbolethAttributeValue) {
        return shibbolethAttributeValue;
    }
}
```
Before OpenOLAT 12.0 the configuration of the attribute mapping was hard-coded for the University of Zurich. You have to use the following configuration to get the same mapping.

```properties
shibboleth.uid.shib=DefaultUID
shibboleth.user.mapping.email.shib=Shib-InetOrgPerson-mail
shibboleth.user.mapping.email.handler=FirstValue
shibboleth.user.mapping.first.name.shib=Shib-InetOrgPerson-givenName
shibboleth.user.mapping.last.name.shib=Shib-Person-surname
shibboleth.user.mapping.key1.shib=Shib-SwissEP-HomeOrganization
shibboleth.user.mapping.key1.olat=institutionalName
shibboleth.user.mapping.key1.delete=false
shibboleth.user.mapping.key2.shib=Shib-InetOrgPerson-mail
shibboleth.user.mapping.key2.olat=institutionalEmail
shibboleth.user.mapping.key2.handler=FirstValue
shibboleth.user.mapping.key2.delete=false
shibboleth.user.mapping.key3.shib=Shib-InetOrgPerson-employeeNumber
shibboleth.user.mapping.key3.olat=institutionalUserIdentifier
shibboleth.user.mapping.key3.delete=false
```