...
To define a new mapping, one needs to add a new <Attribute>
element. The name
property in the rule corresponds to the formal SAML name the IdP is using for the attribute, generally a URI. The id
property is the shorthand name to use, and determines the environment variable or header by which the attribute will be made available to the web application.
Code Block | |||||||||
---|---|---|---|---|---|---|---|---|---|
|
|||||||||
<Attribute name="https://example.org/myAttributes/FavoriteFruit" id="favFruit"/>
|
If the IdP uses an AttributeNamespace
other than urn:mace:shibboleth:1.0:attributeNamespace:uri
(SAML 1.x), or a NameFormat
other than urn:oasis:names:tc:SAML:2.0:attrname-format:uri
or urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
(SAML 2.0) then you must also include a nameFormat
attribute with the corresponding value.
Code Block | ||
---|---|---|
| ||
<Attribute name="https://example.org/myAttributes/FavoriteFruit" id="favFruit" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/> |
Custom Decoders
For most attributes, a simple rule as above is sufficient, but if the attribute's values are more than simple strings, a custom <AttributeDecoder>
needs to be supplied inside the <Attribute>
element.
...