The Shibboleth IdP V4 software will leave support on September 1, 2024.


You are viewing an old version of this page.

Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Overview

Attribute encoders convert the internal representation of an IdPAttribute into a particular protocol format. The available encoders currently support SAML 1, SAML 2, and CAS representations. The mechanism is inherently limited to XML-based output formats.

Attribute encoders are specified with the xsi:type attribute within the <AttributeEncoder> element.

General-purpose attribute encoding is best achieved by using the Attribute Registry. Explicit per-attribute encoding continues to be useful when you want to associate an ActivationCondition with the encoder (though this is also possible via rules in the registry).

A common source of confusion: because of the changes to how this code operates, adding or removing encoders in your resolver configuration won't take effect until/unless the AttributeRegistryConfiguration is reloaded.

AttributeEncoder Plugin Types

| xsi:type | Function |
| --- | --- |
| SAML2String | Encodes an IdPAttribute with simple string values as a SAML 2 Attribute. |
| SAML2ScopedString | Encodes an IdPAttribute with scoped values as a SAML 2 Attribute. |
| SAML2XMLObject | Encodes an IdPAttribute with complex XML-based values as a SAML 2 Attribute. |
| SAML2Base64 | Encodes an IdPAttribute with binary values as a SAML 2 Attribute. |
| SAML1String | Encodes an IdPAttribute with simple string values as a SAML 1 Attribute. |
| SAML1ScopedString | Encodes an IdPAttribute with scoped values as a SAML 1 Attribute. |
| SAML1XMLObject | Encodes an IdPAttribute with complex XML-based values as a SAML 1 Attribute. |
| SAML1Base64 | Encodes an IdPAttribute with binary values as a SAML 1 Attribute. |

Reference

Common XML Attributes

The following attributes are common to all encoders:

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| encodeType | boolean | true | Controls whether the output form will contain an encoder-specific indication of the data type of the values. In XML, this takes the form of xsi:type attributes, which greatly bloat the size and generally should be avoided for string-valued data. The default is to continue to output the information, but we suggest disabling it in newer deployments and after testing against existing services. |
| activationConditionRef | Bean Reference | | Bean ID of a condition bean that determines whether the encoder should be active. Mutually exclusive with relyingParties attribute and <ActivationConditionScript> element. |
| relyingParties | whitespace-delimited list | | List of entity IDs for which this Attribute Encoder should be active. Mutually exclusive with activationConditionRef attribute and <ActivationConditionScript> element. |

Common XML Elements

The following child element is common to all encoders:

| Name | Cardinality | Description |
| --- | --- | --- |
| <ActivationConditionScript> | 0 or 1 | Optional embedded script to supply an activation condition for the encoder. Mutually exclusive with the activationConditionRef and relyingParties XML Attributes. |
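
The mutual-exclusion rule for the three activation mechanisms and the encodeType recommendation can be checked mechanically before a resolver file is deployed. The linter below is an added example, not part of the Shibboleth documentation or code base; the sample resolver fragment, its entity IDs, the "Simple" definitions and the MyCondition bean ID are constructed for illustration.

```python
import xml.etree.ElementTree as ET

RESOLVER_NS = "urn:mace:shibboleth:2.0:resolver"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample resolver fragment (not taken from a real deployment).
SAMPLE = """\
<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeDefinition xsi:type="Simple" id="mail">
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3"
                      encodeType="false" relyingParties="https://sp1.example.org/shibboleth"/>
  </AttributeDefinition>
  <AttributeDefinition xsi:type="Simple" id="uid">
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1"
                      activationConditionRef="MyCondition"
                      relyingParties="https://sp2.example.org/shibboleth"/>
  </AttributeDefinition>
</AttributeResolver>
"""

def lint_encoders(xml_text):
    """Return (attribute id, encoder xsi:type, finding) tuples for a resolver document."""
    findings = []
    root = ET.fromstring(xml_text)  # intended for locally controlled config files only
    for definition in root.iter(f"{{{RESOLVER_NS}}}AttributeDefinition"):
        for enc in definition.findall(f"{{{RESOLVER_NS}}}AttributeEncoder"):
            where = (definition.get("id"), enc.get(XSI_TYPE))
            # The three activation mechanisms are mutually exclusive.
            used = [a for a in ("activationConditionRef", "relyingParties")
                    if enc.get(a) is not None]
            if enc.find(f"{{{RESOLVER_NS}}}ActivationConditionScript") is not None:
                used.append("<ActivationConditionScript>")
            if len(used) > 1:
                findings.append(where + ("mutually exclusive: " + ", ".join(used),))
            # encodeType defaults to true, which emits xsi:type on every value.
            if enc.get("encodeType", "true").strip().lower() not in ("false", "0"):
                findings.append(where + ("encodeType enabled: xsi:type emitted on values",))
    return findings

if __name__ == "__main__":
    for finding in lint_encoders(SAMPLE):
        print(*finding, sep=" | ")
```

An encodeType value supplied through a property placeholder is reported as enabled, since the linter only sees the literal text in the file.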