...
Overview
Identified by type="Assertion"
, the Assertion attribute extractor this AttributeExtractor allows well-defined content from within a SAML assertion Assertion to be extracted and passed to an application as an attribute. This supplements the support for extracting a fixed set of information from the assertion and populating well-defined variables/headers (e.g., the Shib-Identity-Provider header and so forth).
Reference
Attributes
The following XML attributes are supported by this type:
Name | Type | DefaultDescription | |
---|---|---|---|
Consent | string | If set, used as Names the SP attribute ID for to carry the value of the Consent attribute found in the response that delivered the assertion | |
AuthenticatingAuthority | string | If set, used as Names the SP attribute ID for to carry the value(s) of the <AuthenticatingAuthority> element(s) found in the assertion. | |
AuthnContextClassRef | string | If set, used as Names the attribute ID for the value SP attribute to carry the value of the | |
AuthnContextDeclRef | string | If set, used as Names the attribute ID for the value SP attribute to carry the value of the <AuthnContextDeclRef> element found in the assertion. Equivalent to the built-in Shib-AuthnContext-Decl variable. | |
AuthnInstant | string | If set, used as Names the attribute ID for the value SP attribute to carry the value of the AuthnInstant attribute found in the assertion. Equivalent to the built-in Shib-Authentication-Instant variable | |
Issuer | string | If set, used as Names the attribute ID for the value SP attribute to carry the value of the <Issuer> element found in the assertion. Equivalent to the built-in Shib-Identity-Provider variable. | |
NotOnOrAfter | string | If set, used as Names the attribute ID for the value SP attribute to carry the value of the NotOnOrAfter attribute found in the assertion. | |
SessionIndex | string | If set, used as Names the attribute ID for the value SP attribute to carry the value of the SessionIndex attribute found in the assertion. Equivalent to the built-in Shib-Session-Index variable. | |
SessionNotOnOrAfter | string | If set, used as Names the attribute ID for the value SP attribute to carry the value of the SessionNotOnOrAfter attribute found in the assertion. | |
Address | string | If set, used as Names the attribute ID for the value SP attribute to carry the value of the Address attribute found in the assertion's <SubjectLocality> element. | |
DNSName | string | If set, used as Names the attribute ID for the value SP attribute to carry the value of the DNSName attribute found in the assertion's <SubjectLocality> element. |
Example
Code Block | ||||
---|---|---|---|---|
| ||||
<AttributeExtractor type="Assertion" Issuer="Shib-Identity-Provider" AuthnInstant="Shib-Authentication-Instant" AuthnContextClassRef="Shib-AuthnContext-Class" AuthnContextDeclRef="Shib-AuthnContext-Decl" SessionIndex="Shib-Session-Index" /> |