/
SAML2ScopedStringEncoder

The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.

SAML2ScopedStringEncoder

Jul 10, 2018

The SAML2ScopedString attribute encoder encodes an IdPAttribute with "scoped" string values as a SAML 2 Attribute. This encoder typically combines the value and scope strings, adds a delimiter, and produces a simple string-valued element.

Schema Name and Location

This xsi:type is defined by the urn:mace:shibboleth:2.0:resolver schema 3.3, which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd.

Prior to V3.3 supplied plugins were defined by a schema type (xsi:type) in the urn:mace:shibboleth:2.0:encoder schema , which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-encoder.xsd.  This is still supported, but every element or type in the  urn:mace:shibboleth:2.0:encoder schema has an identically named version in the urn:mace:shibboleth:2.0:resolver  schema.

Attributes

Common Attributes

NameTypeDefaultDescription

encodeType

booleantrueControls whether the output form will contain an encoder-specific indication of the data type of the values. In XML, this takes the form of xsi:type attributes, which greatly bloat the size and generally should be avoided for string-valued data. For compatibility with V2, the default is to continue to output the information, but we suggest disabling it in newer deployments and after testing against existing services.

activationConditionRef

Bean Reference

Bean ID of a condition bean that determines whether the encoder should be active, described further here.
Mutually exclusive with relyingParties

relyingParties 3.4

space-delimited list

List of entity IDs for which this Attribute Encoder should be active.
Mutually exclusive with activationConditionRef

Specific Attributes

Name

Type

Req?

Default

Description

Name

Type

Req?

Default

Description

name

String

Y



Value to put into the "Name" attribute of the output <AttributeValue> elements

nameFormat

String



urn:oasis:names:tc:SAML:2.0:attrname-format:uri

Value to put into the "NameFormat" attribute of the output <AttributeValue> elements

friendlyName

String





Value to put into the "FriendlyName" attribute of the output <AttributeValue> elements

scopeAttribute

String



Scope

If scopeType is "attribute", then the scope is passed an XML attribute inside the <AttributeValue> elements with this name while the (unscoped) value is passed in the content of the element

scopeDelimiter

String



@

If scopeType is "inline", then the output <AttributeValue> element content is constructed by concatenating the unscoped value, the value of this attribute, and the scope

scopeType

"attribute" or "inline"



inline

Defines what format the attribute is to be encoded in, generally should be left alone

Examples

<AttributeEncoder xsi:type="SAML2ScopedString" name="https://example.org/oldstyle" friendlyName="OldScopedFormat" scopeType="attribute"/> <AttributeEncoder xsi:type="SAML2ScopedString" name="https://example.org/newstyle" friendlyName="NewScopedFormat" scopeDelimiter="#"/>