The Prescoped
attribute definition turns a simple string-valued attribute into a two-part scoped attribute by splitting the input attribute into three parts, the value, a (fixed) delimiter, and the scope/suffix. Such attributes can be used as input to the SAML2ScopedStringEncoder and SAML1ScopedStringAttributeEncoder attribute encoders.
The prescoped attribute definition is useful when a data connector returns attributes with values which already have an appropriate scope appended in the source system.
Schema Name and Location
This xsi:type
is defined in the urn:mace:shibboleth:2.0:resolver
namespace 3.3, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
Prior to V3.3 supplied plugins were defined by a schema type in the urn:mace:shibboleth:2.0:resolver:ad
namespace, the schema for which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-ad.xsd. This is still supported, but every element or type in the old namespace has an equivalently named (but not necessarily identical) version in the urn:mace:shibboleth:2.0:resolver
namespace. The use of the urn:mace:shibboleth:2.0:resolver
namespace also allows a relaxation of the ordering requirements of child elements to reduce strictness.
Attributes
Any of the common attributes can be specified. In addition, the optional scopeDelimiter
attribute defines the delimiter which separates the value from the scope. The default is "@".
Child Elements
Any of the common child elements can be specified.
Example
<AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalName" sourceAttributeID="eduPersonPrincipalName"> <Dependency ref="myLDAP" /> <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" /> <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" /> </AttributeDefinition>