Overview

The <AttributeResolver> element configures a plugin that can be enabled to obtain additional attributes about the logged-in user following an SSO event, as well as to transform existing attributes or create new ones internally.

During SSO, the IdP can (and generally does) supply attributes in a "push" fashion inside the SAML assertions it issues. These attributes are decoded with an AttributeExtractor and cached with the user's session. The purpose of a resolver plugin is to "pull" attributes from additional sources or to transform existing attributes in some way.

Resolver Types

Several different Attribute Resolvers are available. They are selected using the type= attribute. Each type has its own Child Elements and Attributes.

...

SimpleAggregation Attribute Resolver

...

Transform Attribute Resolver

...

Template Attribute Resolver

...

UpperCase Attribute Resolver

...

As with most plugins, the type attribute determines which type of plugin to use. Each type supports its own attributes and child elements.

Types

| type | Description |
|---|---|
| Query | Issues a SAML AttributeQuery to the originating IdP to obtain attributes when they are omitted from the original assertion |
| SimpleAggregation | Issues one or more SAML Attribute Queries to third-party Attribute Authorities independent of the originating IdP using identifier(s) obtained during SSO |
| Transform | Applies one or more regular expressions to an input attribute, either replacing its values, or generating new attribute(s) |
| Template | Plugs values from one or more existing attributes into a template string that can combine the original attributes into a new attribute |
| UpperCase | Converts the values of an attribute into upper case, either replacing its values, or generating a new attribute |
| LowerCase | Converts the values of an attribute into lower case, either replacing its values, or generating a new attribute |

Reference

Common Attributes

All <AttributeResolver> plugins support the following attributes:

| Name | Type | Req? | Description |
|---|---|---|---|
| type | string | Y | Specifies the type of AttributeResolver plugin to use |