Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Indicated by type="Assertion", the Assertion attribute extractor allows well-defined content from within a SAML assertion to be extracted and passed to an application as an attribute. This supplements the support for extracting a fixed set of information from the assertion and populating well-defined variables/headers (e.g., the Shib-Identity-Provider header and so forth).

Attributes

NameTypeDefaultDescription
Consentstring
If set, used as the attribute ID for the value of the Consent attribute found in the response that delivered the assertion
AuthenticatingAuthoritystring
If set, used as the attribute ID for the value(s) of the <AuthenticatingAuthority> element(s) found in the assertion.
AuthnContextClassRefstring

If set, used as the attribute ID for the value of the <AuthnContextClassRef> element found in the assertion. Equivalent to the built-in Shib-AuthnContext-Class and Shib-Authentication-Method variables.

AuthnContextDeclRefstring
If set, used as the attribute ID for the value of the <AuthnContextDeclRef> element found in the assertion. Equivalent to the built-in Shib-AuthnContext-Decl variable.
AuthnInstantstring
If set, used as the attribute ID for the value of the AuthnInstant attribute found in the assertion. Equivalent to the built-in Shib-Authentication-Instant variable
Issuerstring
If set, used as the attribute ID for the value of the <Issuer> element found in the assertion. Equivalent to the built-in Shib-Identity-Provider variable.
NotOnOrAfterstring
If set, used as the attribute ID for the value of the NotOnOrAfter attribute found in the assertion.
SessionIndexstring
If set, used as the attribute ID for the value of the SessionIndex attribute found in the assertion. Equivalent to the built-in Shib-Session-Index variable.
SessionNotOnOrAfterstring
If set, used as the attribute ID for the value of the SessionNotOnOrAfter attribute found in the assertion.
Addressstring
If set, used as the attribute ID for the value of the Address attribute found in the assertion's <SubjectLocality> element.
DNSNamestring
If set, used as the attribute ID for the value of the DNSName attribute found in the assertion's <SubjectLocality> element.

Example

Example equivalent to current standard headers
<AttributeExtractor type="Assertion"
    Issuer="Shib-Identity-Provider"
    AuthnInstant="Shib-Authentication-Instant"
    AuthnContextClassRef="Shib-AuthnContext-Class"
    AuthnContextDeclRef="Shib-AuthnContext-Decl"
    SessionIndex="Shib-Session-Index"
/>
  • No labels