Indicated by type="Assertion"
, the Assertion attribute extractor allows well-defined content from within a SAML assertion to be extracted and passed to an application as an attribute. This supplements the support for extracting a fixed set of information from the assertion and populating well-defined variables/headers (e.g., the Shib-Identity-Provider header and so forth).
Attributes
Name | Type | Default | Description |
---|---|---|---|
Consent | string | If set, used as the attribute ID for the value of the Consent attribute found in the response that delivered the assertion | |
AuthenticatingAuthority | string | If set, used as the attribute ID for the value(s) of the <AuthenticatingAuthority> element(s) found in the assertion. | |
AuthnContextClassRef | string | If set, used as the attribute ID for the value of the | |
AuthnContextDeclRef | string | If set, used as the attribute ID for the value of the <AuthnContextDeclRef> element found in the assertion. Equivalent to the built-in Shib-AuthnContext-Decl variable. | |
AuthnInstant | string | If set, used as the attribute ID for the value of the AuthnInstant attribute found in the assertion. Equivalent to the built-in Shib-Authentication-Instant variable | |
Issuer | string | If set, used as the attribute ID for the value of the <Issuer> element found in the assertion. Equivalent to the built-in Shib-Identity-Provider variable. | |
NotOnOrAfter | string | If set, used as the attribute ID for the value of the NotOnOrAfter attribute found in the assertion. | |
SessionIndex | string | If set, used as the attribute ID for the value of the SessionIndex attribute found in the assertion. Equivalent to the built-in Shib-Session-Index variable. | |
SessionNotOnOrAfter | string | If set, used as the attribute ID for the value of the SessionNotOnOrAfter attribute found in the assertion. | |
Address | string | If set, used as the attribute ID for the value of the Address attribute found in the assertion's <SubjectLocality> element. | |
DNSName | string | If set, used as the attribute ID for the value of the DNSName attribute found in the assertion's <SubjectLocality> element. |
Example
Example equivalent to current standard headers
<AttributeExtractor type="Assertion" Issuer="Shib-Identity-Provider" AuthnInstant="Shib-Authentication-Instant" AuthnContextClassRef="Shib-AuthnContext-Class" AuthnContextDeclRef="Shib-AuthnContext-Decl" SessionIndex="Shib-Session-Index" />