...
In general, extractors can be handed many different XML element types and are free to process them or ignore them as their implementation or configuration dictates.
Table of Contents |
---|
...
Common Attributes
type
(string)- Plugin type name.
...
The XML attribute extractor's XML "portion" is a reloadable resource, which means that the XML content can be supplied inline, in a local file, or a remote file, and can be monitored for changes and reloaded on the fly. The root of the XML instance MUST be an <am:Attributes>
element.
Code Block | ||||
---|---|---|---|---|
| ||||
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Attribute name="urn:oid:2.5.4.3" id="cn"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
</Attribute>
</Attributes>
|
...
Each <am:Attribute>
element installs a rule for extracting a named SAML attribute or name identifier into an internal attribute. The source of the attribute is identified with the name
(and possibly nameFormat
) XML attributes and internally tagged with the id
(and possibly aliases
) XML attributes. The aliases
feature is deprecated and may be removed from a future release, consider revising to use the Transform AttributeResolver.
The name
property corresponds to the Name
XML attribute of a SAML <Attribute>
element or the Format
XML attribute of a SAML <NameID>
/<NameIdentifier>
element.
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<AttributeExtractor type="Assertion"
Issuer="Shib-Identity-Provider"
AuthnInstant="Shib-Authentication-Instant"
AuthnContextClassRef="Shib-AuthnContext-Class"
AuthnContextDeclRef="Shib-AuthnContext-Decl"
SessionIndex="Shib-Session-Index"
/>
|
...
Indicated by type="Metadata"
, allows well-defined content from within SAML metadata to be extracted and passed to an application as an attribute. This plugin executes only when extraction of an <md:RoleDescriptor>
(or one of its concrete subtypes) is done, which is dependent on the use of the metadataAttributePrefix
application setting.
Code Block | ||||
---|---|---|---|---|
| ||||
<AttributeExtractor type="Metadata" errorURL="errorURL" DisplayName="displayName"/>
|
...
The attribute extractor's configuration is a reloadable resource, which means that the XML content can be supplied inline, in a local file, or a remote file, and can be monitored for changes and reloaded on the fly. The root of the XML instance MUST be an <am:Attributes>
element.
Code Block | ||||
---|---|---|---|---|
| ||||
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<GSSAPIAttribute name="urn:ietf:params:gss-eap:radius-avp urn:x-radius:1" id="radius-1"/>
</Attributes>
|
...