type="KeyDescriptor", this attribute extractor this AttributeExtractor allows the signing/TLS or encryption keys advertised in an IdP's metadata to be exposed as attributes within the SP. This plugin executes only when extraction of an
<md:RoleDescriptor> (or one of its concrete subtypes) is done, which is dependent on the use of the
metadataAttributePrefix application setting
Any public keys that apply (see below) are encoded as DER, using the SubjectPublicKeyInfo encoding commonly used in certificates, and then base64-encoded. At least
The following XML attributes are supported to control extraction (one of the two attributes below must be specified.
first three MUST be set):
If set, public keys marked for signing or TLS authentication will be placed into an SP attribute with the specified name.
If set, public keys valid for encryption will be placed into an SP attribute with the specified name.
|string||If set, public keys marked for signing or TLS authentication will be placed into an attribute with the specified name. The DER-encoded keys are hashed before being base64-encoded.|
|string||Optional name of hashing algorithm to use if the |
<AttributeExtractor type="KeyDescriptor" hashId="hashed-keys" hashAlg="SHA256" />