The decoder, indicated by xsi:type="DOMAttributeDecoder
, processes SAML attribute values as an arbitrary XML DOM tree."
This plugin is a somewhat experimental attempt at providing limited support for "rich" XML-valued attribute information. It works best on XML structures without embedded "repeating" elements. Only limited support for accessing the iterated data is included.
The main limitation of this mechanism is that for the SP to provide a useful function, it has to be able to simplify the XML into a string. Otherwise the application might just as well parse the SAML assertion directly, and that may often be the better approach. However, if the XML structure is sufficiently simple, the decoder plugin offers the ability to pull information out of it using a quick and dirty notation as follows:
Any of the Common Attributes can be specified In addition the following can be used
Name | Type | Default | Description |
---|---|---|---|
| string | required | A required formatting string that turns the XML content into a flat string. The string contains one or more substitution tags consisting of a dollar sign ($) followed by a "path specifier", as described above. Other characters are echoed through to the constructed string. |
Name | Cardinality | Description | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
<Mapping > | 0 or 1 | Allows an XML attribute or element to be "mapped" into a shorter or qualified name in the resulting structured representation of the data. The purpose of this feature is to allow for namespace-qualified XML by allowing qualified names to be turned into local "tags" that don't require the two part structure of a qualified name.
|
As an example, consider this rich SAML 1.1 attribute:
<saml:Attribute AttributeName="https://example.org/personalprofile" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"> <saml:AttributeValue> <prof:Profile xmlns:prof="https://example.org/personalprofile"> <prof:Name> <prof:First>John</prof:First> <prof:Last>Doe</prof:Last> </prof:Name> <prof:Email>doe@example.org</prof:Email> <prof:Email>jdoe@gmail.com</prof:Email> </prof:Profile> </saml:AttributeValue> </saml:Attribute> |
The following attribute declaration will produce a value of "John Doe, jdoe@gmail.com
"
<Attribute name="https://example.org/personalprofile"> <AttributeDecoder xsi:type="DOMAttributeDecoder" formatter="$Profile.Name.First $Profile.Name.Last, $Profile.Email.[1]"/> </Attribute> |