Versions Compared

Old Version 3

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 4

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Overview

Identified by type="Assertion", the Assertion attribute extractor this AttributeExtractor allows well-defined content from within a SAML assertion Assertion to be extracted and passed to an application as an attribute. This supplements the support for extracting a fixed set of information from the assertion and populating well-defined variables/headers (e.g., the Shib-Identity-Provider header and so forth).

Reference

Attributes

The following XML attributes are supported by this type:

Default
NameTypeDescription
ConsentstringIf set, used as Names the SP attribute ID for to carry the value of the Consent attribute found in the response that delivered the assertion
AuthenticatingAuthoritystringIf set, used as Names the SP attribute ID for to carry the value(s) of the <AuthenticatingAuthority> element(s) found in the assertion.
AuthnContextClassRefstring

If set, used as Names the attribute ID for the value SP attribute to carry the value of the <AuthnContextClassRef> element or AuthenticationMethod attribute found in the assertion. Equivalent to the built-in Shib-AuthnContext-Class and Shib-Authentication-Method variables.

AuthnContextDeclRefstringIf set, used as Names the attribute ID for the value SP attribute to carry the value of the <AuthnContextDeclRef> element found in the assertion. Equivalent to the built-in Shib-AuthnContext-Decl variable.
AuthnInstantstringIf set, used as Names the attribute ID for the value SP attribute to carry the value of the AuthnInstant attribute found in the assertion. Equivalent to the built-in Shib-Authentication-Instant variable
IssuerstringIf set, used as Names the attribute ID for the value SP attribute to carry the value of the <Issuer> element found in the assertion. Equivalent to the built-in Shib-Identity-Provider variable.
NotOnOrAfterstringIf set, used as Names the attribute ID for the value SP attribute to carry the value of the NotOnOrAfter attribute found in the assertion.
SessionIndexstringIf set, used as Names the attribute ID for the value SP attribute to carry the value of the SessionIndex attribute found in the assertion. Equivalent to the built-in Shib-Session-Index variable.
SessionNotOnOrAfterstringIf set, used as Names the attribute ID for the value SP attribute to carry the value of the SessionNotOnOrAfter attribute found in the assertion.
AddressstringIf set, used as Names the attribute ID for the value SP attribute to carry the value of the Address attribute found in the assertion's <SubjectLocality> element.
DNSNamestringIf set, used as Names the attribute ID for the value SP attribute to carry the value of the DNSName attribute found in the assertion's <SubjectLocality> element.

Example

Code Block
languagexml
titleExample equivalent to current standard headers
<AttributeExtractor type="Assertion"
    Issuer="Shib-Identity-Provider"
    AuthnInstant="Shib-Authentication-Instant"
    AuthnContextClassRef="Shib-AuthnContext-Class"
    AuthnContextDeclRef="Shib-AuthnContext-Decl"
    SessionIndex="Shib-Session-Index"
/>