...
The Attribute Mapper is the inverse of attribute encoding. These components inspect metadata (usually of the SP) to extract any SAML2 RequestedAttributes. These are decoded use the same configuration as the attribute encoders to produce produce IdPRequestedAttribute. This decoding includes not only the name changes (from the on-the-wire names to those used to configure the Attribute Resolver and Filter), but also types, as defined by the Attribute Encoders.
...
Parameters to the Attribute Resolution process are supplied by the AttributeResolutionContext class. In addition the AttributeResolverWorkContext is used as work space for the attribute resolution process; this context is entirely private to the attribute resolution process and is only of interest to those components such as components derived from one of the Resolver Plugins.
Programming Guide to Attribute Resolution
A web flow that wishes to invoke the Attribute Resolution subsystem must do the following.
Create an AttributeResolutionContext and populate it with appropriate parameters:
The canonical Prinicipal name
The entityID of the IdP and the SP
Optional ID of an authentication flow used
Additionally the precise names of the attributes resolved can also be set.
Locate an Attribute Resolver
...
, generally be injecting an instance of the “default” resolver service, shibboleth.AttributeResolverService
Call the resolver (via a try-with-resources paradigm to access the locked component and then release it). After resolution, the result can be extracted via the getResolvedIdPAttributes() method and will usually be inserted into an AttributeContext
...
.