Attributes#

External attribute validator#

If the capabilities provided by regular expression input value conversion rules are not sufficient to implement the required business logic for validating the acceptability of an attribute value, the use of an external validator can be programmed and configured for the attribute.

To do this, you need to create a program with an external validator and build it into a JAR file.

The created JAR file should be copied to the servers with Blitz Identity Provider applications. The JAR file location address should be specified in the Java option extensionsDir.

Example:

export JAVA_OPTS="${JAVA_OPTS} -DextensionsDir=/usr/share/identityblitz/extensions"

In the blitz.prod.local.idp.id-attrs.attrsMeta attribute settings block, you must add validators block in the source block to the attribute description block for which you want to enable validation via an external validator:

  • in the className setting, specify the address of the Java class that implements the AttributeValidator interface from the Blitz JDK;

  • in the conf block, specify the settings to be passed to the validator.

Example of configuration:

"id-attrs" : {
    "attrsMeta" : [
        {
            {
                "class" : "verified-mobile",
                "format" : "string",
                "name" : "phone_number",
                "realmed" : false,
                "required" : false,
                "searchable" : true,
                "source" : {
                    "validators" : [
                        {
                            "className" : "validator.MobileValidator",
                            "conf" : {
                                "conf1" : "value1"
                            }
                        }
                    ],
                    "type" : "idStore"
                },
                "unique" : false
            },
            …
        }
    ]
}

Attribute translator#

You can associate a translator with an attribute that describes the attribute’s conversion rules for reading from the LDAP directory and writing to the LDAP directory. In the attribute storage settings block in the blitz.prod.local.idp.id-stores.list.mappingRules section of the attribute matching settings, in the attribute description block for which you want to enable a translator, you must add the translator block with the className setting, in which you must specify the name of the Java class that implements the translation algorithm. The Java class must implement the implementation of the LdapAttributeTranslator interface from the Blitz JDK.

If you need to configure the translator for the objectGUID attribute from the Active Directory LDAP directory so that this attribute is represented as a GUID string rather than in byte form, you can use the Blitz Identity Provider built-in Java class com.identityblitz.idp.store.ldap.core.translator.ObjectGUIDTranslator.

Example of configuration:

"id-stores" : {
    "list" : [
        {
            …
            "mappingRules" : [
                …
                {
                    "name" : "objectGUID",
                    "storeAttr" : "objectGUID",
                    "translator" : {
                        "className" :
                            "com.identityblitz.idp.store.ldap.core.translator.ObjectGUIDTranslator"
                }
            ],
        },
        …
    ]
}

Using a self-developed translator, it is necessary to create a program with an external translator and assemble it into a JAR file.

The created JAR file should be copied to the servers with Blitz Identity Provider applications. The JAR file location address should be specified in the Java option extensionsDir.

Example:

export JAVA_OPTS="${JAVA_OPTS} -DextensionsDir=/usr/share/identityblitz/extensions"