...

In general, extractors can be handed many different XML element types and are free to process them or ignore them as their implementation or configuration dictates.

...

Common Attributes

  • type (string)
    • Plugin type name.

...

The XML attribute extractor's XML "portion" is a reloadable resource, which means that the XML content can be supplied inline, in a local file, or a remote file, and can be monitored for changes and reloaded on the fly. The root of the XML instance MUST be an <am:Attributes> element.

<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Attribute name="urn:oid:2.5.4.3" id="cn"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
    </Attribute>
</Attributes>

...

Each <am:Attribute> element installs a rule for extracting a named SAML attribute or name identifier into an internal attribute. The source of the attribute is identified with the name (and possibly nameFormat) XML attributes and internally tagged with the id (and possibly aliases) XML attributes. The aliases feature is deprecated and may be removed from a future release; consider revising to use the Transform AttributeResolver.

The name property corresponds to the Name XML attribute of a SAML <Attribute> element or the Format XML attribute of a SAML <NameID>/<NameIdentifier> element.
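The following Python sketch is an added example, not code from the Shibboleth project. It loads the inline map shown above (plus one constructed rule that uses aliases), enforces the <am:Attributes> root requirement, flags the deprecated aliases attribute, and models how name-to-id rules decide which incoming attributes reach the application. It assumes matching on name only (nameFormat is ignored), that attributes with no rule are dropped, and that the scoped decoder splits values on "@"; the function names and sample values are hypothetical.

```python
import xml.etree.ElementTree as ET

AM = "urn:mace:shibboleth:2.0:attribute-map"
XSI = "http://www.w3.org/2001/XMLSchema-instance"

# The inline map from this page plus one constructed rule that uses aliases.
SAMPLE_MAP = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Attribute name="urn:oid:2.5.4.3" id="cn"/>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
    </Attribute>
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail" aliases="email"/>
</Attributes>"""

# Constructed incoming SAML attributes: Name -> values (the last has no rule).
SAMPLE_ATTRS = {
    "urn:oid:2.5.4.3": ["Alice Example"],
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": ["alice@example.org"],
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.7": ["urn:mace:example.org:admin"],
}

def load_rules(xml_text):
    """Return (rules, warnings); rules maps source name -> (id, decoder type)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{AM}}}Attributes":
        raise ValueError(f"root must be <am:Attributes>, got {root.tag}")
    rules, warnings = {}, []
    for el in root.findall(f"{{{AM}}}Attribute"):
        name, ident = el.get("name"), el.get("id")
        if not name or not ident:
            warnings.append(f"rule missing name or id: {el.attrib}")
            continue
        if el.get("aliases"):
            warnings.append(f"{ident}: aliases is deprecated")
        dec = el.find(f"{{{AM}}}AttributeDecoder")
        rules[name] = (ident, dec.get(f"{{{XSI}}}type") if dec is not None else None)
    return rules, warnings

def extract(rules, saml_attributes):
    """Simplified model: keep only mapped names, keyed by internal id."""
    out, ignored = {}, []
    for name, values in saml_attributes.items():
        if name not in rules:
            ignored.append(name)  # assumption: no rule means nothing is exposed
            continue
        ident, dtype = rules[name]
        if dtype == "ScopedAttributeDecoder":
            # Assumption for this sketch: value@scope is split on "@".
            values = [tuple(v.split("@", 1)) if "@" in v else (v, None) for v in values]
        out.setdefault(ident, []).extend(values)
    return out, ignored
```

Reviewing the ignored list against the map is a quick way to confirm that an application only receives the attributes it was meant to see.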

...

Example equivalent to current standard headers:

<AttributeExtractor type="Assertion"
    Issuer="Shib-Identity-Provider"
    AuthnInstant="Shib-Authentication-Instant"
    AuthnContextClassRef="Shib-AuthnContext-Class"
    AuthnContextDeclRef="Shib-AuthnContext-Decl"
    SessionIndex="Shib-Session-Index"
/>

...

Indicated by type="Metadata", this plugin allows well-defined content from within SAML metadata to be extracted and passed to an application as an attribute. It executes only when an <md:RoleDescriptor> (or one of its concrete subtypes) is extracted, which depends on the use of the metadataAttributePrefix application setting.

<AttributeExtractor type="Metadata" errorURL="errorURL" DisplayName="displayName"/>

...

The attribute extractor's configuration is a reloadable resource, which means that the XML content can be supplied inline, in a local file, or a remote file, and can be monitored for changes and reloaded on the fly. The root of the XML instance MUST be an <am:Attributes> element.

<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <GSSAPIAttribute name="urn:ietf:params:gss-eap:radius-avp urn:x-radius:1" id="radius-1"/>
</Attributes>

...