View Source

Overview

Identified by type="Assertion", this AttributeExtractor allows well-defined content from within a SAML Assertion to be extracted and passed to an application as an attribute. This supplements the support for extracting a fixed set of information from the assertion and populating well-defined variables/headers (e.g., the Shib-Identity-Provider header and so forth).

Reference

Attributes

The following XML attributes are supported by this type:

Name	Type	Description
`Consent`	string	Names the SP attribute to carry the value of the `Consent` attribute found in the response that delivered the assertion
`AuthenticatingAuthority`	string	Names the SP attribute to carry the value(s) of the `<AuthenticatingAuthority>` element(s) found in the assertion
`AuthnContextClassRef`	string	Names the SP attribute to carry the value of the `<AuthnContextClassRef>` element or `AuthenticationMethod` attribute found in the assertion. Equivalent to the built-in Shib-AuthnContext-Class and Shib-Authentication-Method variables.
`AuthnContextDeclRef`	string	Names the SP attribute to carry the value of the `<AuthnContextDeclRef>` element found in the assertion. Equivalent to the built-in Shib-AuthnContext-Decl variable.
`AuthnInstant`	string	Names the SP attribute to carry the value of the `AuthnInstant` attribute found in the assertion. Equivalent to the built-in Shib-Authentication-Instant variable
`Issuer`	string	Names the SP attribute to carry the value of the `<Issuer>` element found in the assertion. Equivalent to the built-in Shib-Identity-Provider variable.
`NotOnOrAfter`	string	Names the SP attribute to carry the value of the `NotOnOrAfter` attribute found in the assertion
`SessionIndex`	string	Names the SP attribute to carry the value of the `SessionIndex` attribute found in the assertion. Equivalent to the built-in Shib-Session-Index variable.
`SessionNotOnOrAfter`	string	Names the SP attribute to carry the value of the `SessionNotOnOrAfter` attribute found in the assertion
`Address`	string	Names the SP attribute to carry the value of the `Address` attribute found in the assertion's `<SubjectLocality>` element
`DNSName`	string	Names the SP attribute to carry the value of the `DNSName` attribute found in the assertion's `<SubjectLocality>` element

Example

<AttributeExtractor type="Assertion"
    Issuer="Shib-Identity-Provider"
    AuthnInstant="Shib-Authentication-Instant"
    AuthnContextClassRef="Shib-AuthnContext-Class"
    AuthnContextDeclRef="Shib-AuthnContext-Decl"
    SessionIndex="Shib-Session-Index"
/>