Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Overview

Attribute encoders convert the internal representation of an IdPAttribute into a particular protocol format. The supported encoders currently support SAML 1, SAML 2, and CAS representations. The mechanism is inherently limited to XML-based output formats.

Attribute encoders are specified with the xsi:type attribute within the <AttributeEncoder> element.

General purpose attribute encoding is best achieved by using the Attribute Registry.  Explicit per-attribute encoding continues to be useful when you want to associate an ActivationCondition with the encoder (though this is also possible via rules in the registry).

Note that a source of confusion is that because of the changes to how this code operates, when you add or remove encoders to your resolver configuration, the changes won't take effect until/unless the AttributeRegistryConfiguration is reloaded.

AttributeEncoder Plugin Types

xsi:type

Function

SAML2String

Encodes an IdPAttribute with simple string values as a SAML 2 Attibute.

SAML2ScopedString

Encodes an IdPAttribute with scoped values as a SAML 2 Attibute.

SAML2DateTime

Encodes an IdPAttribute with date/time values as a SAML 2 Attribute.

SAML2XMLObject

Encodes an IdPAttribute with complex XML-based values as a SAML 2 Attribute.

SAML2Base64

Encodes an IdPAttribute with binary values as a SAML 2 Attribute.

SAML1String

Encodes an IdPAttribute with simple string values as a SAML 1 Attibute.

SAML1ScopedString

Encodes an IdPAttribute with scoped values as a SAML 1 Attibute.

SAML1XMLObject

Encodes an IdPAttribute with complex XML-based values as a SAML 1 Attribute.

SAML1Base64

Encodes an IdPAttribute with binary values as a SAML 1 Attribute.

Reference

 Common XML Attributes

The following attributes are common to all encoders:

NameTypeDefaultDescription
encodeTypebooleantrueControls whether the output form will contain an encoder-specific indication of the data type of the values. In XML, this takes the form of xsi:type attributes, which greatly bloat the size and generally should be avoided for string-valued data. The default is to continue to output the information, but we suggest disabling it in newer deployments and after testing against existing services.
activationConditionRefBean Reference

Bean ID of a condition bean that determines whether the encoder should be active, described further here.
Mutually exclusive with relyingParties attribute and <ActivationConditionScript> element

relyingPartieswhitespace-delimited list

List of entity IDs for which this Attribute Encoder should be active.
Mutually exclusive with activationConditionRef attribute and <ActivationConditionScript> element

 Common XML Elements

The following child element is common to all encoders:

Name

Cardinality

Description

<ActivationConditionScript>

0 or 1

Optional embedded script to supply an activation condition for the encoder. Mutually exclusive with the activationConditionRef and relyingParties XML Attributes.

  • No labels