The <AttributeExtractor> element configures the component used by the SP to turn SAML content into "attributes", the internal/neutral representation of information stored within user sessions. With the exception of a few built-in data elements associated with each session, most of the data an application is able to access about a session is made up of the internal attributes that are produced by using one or more attribute extractors.

While there are no specifically "mandated" points at which extractors run, the SP generally invokes the extraction step following the acceptance of assertions during SSO and as a result of secondary attribute resolution from SAML-based sources such as an Attribute Authority. Extraction is generally followed by a filtering step that can apply rules over what attributes or values to accept. Actually performing the filtering process is typically up to an Assertion Consumer Service handler (in the case of attributes delivered during SSO) or an attribute resolver.

In general, extractors can be handed many different XML element types and are free to process them or ignore them as their implementation or configuration dictates.
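The extract-then-filter flow described above can be modelled in a few lines. This is an added illustration, not Shibboleth's own code or configuration syntax: the mapping rules, the filter policy, the sample assertion fragment and all function names are constructed for the example, and it assumes that SAML attributes without a mapping rule produce no internal attribute.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed extraction rules: SAML attribute Name -> internal attribute id.
RULES = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eppn",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "affiliation",
}
# Constructed filter policy: accepted values per internal id (None = any value).
POLICY = {"eppn": None, "affiliation": {"member@example.org", "staff@example.org"}}

# Constructed sample input; real assertions are untrusted and need a hardened parser.
STATEMENT = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
    <saml:AttributeValue>alice@example.org</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
    <saml:AttributeValue>member@example.org</saml:AttributeValue>
    <saml:AttributeValue>admin@example.org</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.3">
    <saml:AttributeValue>Alice</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def extract(statement_xml, rules):
    """Extraction step: decode SAML attributes into internal attributes."""
    out = {}
    for attr in ET.fromstring(statement_xml).findall("saml:Attribute", NS):
        internal_id = rules.get(attr.get("Name"))
        if internal_id is None:
            continue  # no rule for this name, so nothing is produced for it
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
        out.setdefault(internal_id, []).extend(values)
    return out

def filter_attributes(attrs, policy):
    """Filtering step: keep only the attributes and values the policy accepts."""
    kept = {}
    for name, values in attrs.items():
        if name not in policy:
            continue
        allowed = policy[name]
        accepted = [v for v in values if allowed is None or v in allowed]
        if accepted:
            kept[name] = accepted
    return kept

def session_attributes(statement_xml):
    """What the application would see: extraction followed by filtering."""
    return filter_attributes(extract(statement_xml, RULES), POLICY)
```

The unmapped `urn:oid:2.5.4.3` attribute never becomes an internal attribute, and the `admin@example.org` affiliation value is extracted but then dropped by the filter.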

Extractor Types

Several different Attribute Extractors are available.  They are selected using the type= attribute.  Each type has its own Child Elements and Attributes. 

...

Like most plugins, the type attribute determines which type of plugin to use. Each type supports its own attributes and child elements.

Types

| type | Description |
|------|-------------|
| XML | The main type used by most deployments, implements an XML-based rule syntax for decoding SAML attributes and name identifiers into internal attributes |
| KeyDescriptor | Exposes the signing/TLS or encryption keys advertised in an IdP's metadata as attributes |
| Delegation | Exposes content from within a SAML DelegationRestriction condition as attributes |
| Assertion | Exposes specific "built-in" content from within a SAML assertion as attributes |
| Metadata | Exposes specific "built-in" content from within SAML metadata as attributes |
| GSSAPI | Implements an XML-based rule syntax for decoding GSS-API naming extensions into internal attributes |