Versions Compared

Old Version 2

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version Current

changes.mady.by.user Rod Widdowson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Overview

Identified by type="Delegation", this attribute extractor this AttributeExtractor allows content from within a SAML DelegationRestriction condition to be extracted and passed to an application as an attribute. This allows for finer-grained control over delegation at an SP. The information that's eventually expressed in string form to the application is controlled by a formatter XML attribute that can reference specific content from within the <del:Delegate> elements in the condition.

Reference

Attributes

The following XML attributes are supported by this type:

Name

Type

Default

Req?

Description

attributeId

string

RequiredRequired setting that specifies the internal

Y

SP attribute name to

be populated

populate

formatter

string


An expression containing any number of "substitution" variables starting with a '$' character that reference information from the <del:Delegate> element.

The

Set

set of formatter variables consists of

$Name,
$Format,
$NameQualifier,
$SPNameQualifier,
$SPProvidedID

:

  • Information derived from the corresponding content of the 

<saml

  • <saml2:NameID> element found within the <del:Delegate> element. Typically delegates are SAML entities that are named by entityIDs and only the $Name property is relevant

$ConfirmationMethod

  • .

    • $Name

    • $Format

    • $NameQualifier

    • $SPNameQualifier

    • $SPProvidedID

  • A SAML confirmation method URI that identifies how the delegate confirmed its identity to the IdP.

$DelegationInstant

    • $ConfirmationMethod

  • The time at which the delegate confirmed its identity to the IdP.

    • $DelegationInstant