Versions Compared

Old Version 3

changes.mady.by.user Rod Widdowson

Saved on

compared with

New Version 4

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The SubjectDerivedAttribute SubjectDerivedAttribute 3.3 attribute attribute definition exposes the attributes values associated with Principals for this flow.  A configuration short cut derived from the Subject(s) produced by the authentication flow(s) used to authenticate the subject of the profile request. A configuration shortcut allows for the values from any IdPAttribute objects contained inside an IdPAttributePrincipal; IdPAttributePrincipal objects to be pulled out, which is an effective way to tunnel attribute data from outside the IdP provided by the External authentication flow.

Schema Name and Location

This xsi:type is defined by the urn:mace:shibboleth:2.0:resolver schema 3 namespace 3.3, the schema for which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd.

Prior to V3.3 supplied plugins were defined by a schema type (xsi:type) in the the urn:mace:shibboleth:2.0:resolver:ad namespace, whose schema , which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-ad.xsd.  This is still This remains supported, but every element or type in the  urn:mace:shibboleth:2.0:resolver:ad schema has namespace has an equivalently named (but not necessarily identical) version in the the urn:mace:shibboleth:2.0:resolver  schema namespace.  The The use of the  urn:mace:shibboleth:2.0:resolver schema resolver namespace also allows a relaxation of the ordering requirements of sub child elements and so a more natural order can be applied.  Note that versions earlier than 3.3 are no longer supported and you should look to upgrade at the soonest opportunity.

Attributes

Any of the common attributes can be specified. Note that this attribute definition does not require a sourceAttributeID attribute sourceAttributeID attribute since the information is not resolved from an input a dependent attribute. If one is supplied, it is ignored.

Additionally exactly one of the following should must be provided (but not both):

Name
Type
Description
principalAttributeName
stringThe name of an attribute found inside
a  IdPAttributePrincipal;
an IdPAttributePrincipal contained in one of the authenticated Subject(s)
attributeValuesFunctionRef
string
Bean referenceThe name of a Spring Bean
defined elsewhere. This bean should implement
implementing Function<Principal, List<IdPAttributeValue>>, this function will be invoked for each Principal found with the authenticated Subject(s)

Child Elements

Any of the common child elements can be specified. Note that this attribute definition does not require a <Dependency> child element since the information is not resolved from an input a dependent attribute. If any are supplied, then they are ignored.

...