Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

AttributeDefintions produce a single IdPAttribute object, a neutral/internal representation of data. These objects eventually become SAML Attributes, OIDC claims, or other protocol-specific represenations through a process called "encoding". Encoding rules are established either through generic rules established via the AttributeRegistryConfiguration or, as in older versions, by attaching AttributeEncoder plugins within the Attribute Definition.

The ability to attach encoders is what distinguishes the product of an AttributeDefinition from an IdPAttribute produced by DataConnectors, so the difference has started to become somewhat historical with the new registry service providing a more generic facility.

...

The following types are supported:

xsi:type

Function

Simple

Copies an input attribute to an output attribute. Typically this was used to 'expose' attributes sourced from a DataConnector, and is often superfluous now with the ability to export attributes from them directly.

PrincipalName

Exposes the subject's canonicalized principal name as a single-valued attribute

Scoped

Applies a (fixed) scope to the input attribute's values

Prescoped

Splits input attribute values into values and scopes

RegexSplit

Splits input attribute values according to a regular expression

ScriptedAttribute

Generates an attributes using a JSR-223 script

Mapped

Allows many to many mapping of input values to output values according to regular expression mapping rules

Template

Feeds the input values (potentially from multiple input attributes) into a Velocity template to construct output values

SubjectDerived

Extracts individual attribute data from authenticated Subject(s), this is frequently better handled now by the Subject DataConnector

ContextDerived

Extract arbitrary data from the request context via a Function bean

Decrypted

 4.1

Decrypt input values using a DataSealer

DateTime

4.3

Convert string input values into date/time values

Reference

All connectors support a set of common XML Attributes and Elements for configuring common behavior.

Expand
titleXML Attributes
Include Page
IDP5:AttributeDefinitionCommonAttributesIDP5:
AttributeDefinitionCommonAttributes
Expand
titleXML Elements
Include Page
IDP5:AttributeDefinitionCommonChildElementsIDP5:
AttributeDefinitionCommonChildElements

...