The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.
SAML1ScopedStringEncoder
- Scott Cantor
- Rod Widdowson
The SAML1ScopedString attribute encoder encodes an IdPAttribute with "scoped" string values as a SAML 1 Attribute. This encoder typically places the scope portion into a separate XML attribute.
Schema Name and Location
This xsi:type is defined by the urn:mace:shibboleth:2.0:resolver:resolver schema 3.3, which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd.
Prior to V3.3 supplied plugins were defined by a schema type (xsi:type) in the urn:mace:shibboleth:2.0:encoder schema , which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-encoder.xsd. This is still supported, but every element or type in the urn:mace:shibboleth:2.0:encoder schema has an identically named version in the urn:mace:shibboleth:2.0:resolver schema.
Attributes
Common Attributes
| Name | Type | Default | Description |
|---|---|---|---|
| boolean | true | Controls whether the output form will contain an encoder-specific indication of the data type of the values. In XML, this takes the form of xsi:type attributes, which greatly bloat the size and generally should be avoided for string-valued data. For compatibility with V2, the default is to continue to output the information, but we suggest disabling it in newer deployments and after testing against existing services. |
| Bean Reference | Bean ID of a condition bean that determines whether the encoder should be active, described further here. | |
| space-delimited list | List of entity IDs for which this Attribute Encoder should be active. |
Specific Attributes
| Name | Type | Req? | Default | Description |
|---|---|---|---|---|
name | String | Y | Value to put into the "AttributeName" attribute of the output <AttributeValue> elements | |
namespace | String | urn:mace:shibboleth:1.0:attributeNamespace:uri | Value to put into the "AttributeNamespace" attribute of the output <AttributeValue> elements | |
scopeAttribute | String | Scope | If scopeType is "attribute", then the scope is passed an XML attribute inside the <AttributeValue> elements with this name while the (unscoped) value is passed in the content of the element | |
scopeDelimiter | String | @ | If scopeType is "inline", then the output <AttributeValue> element content is constructed by concatenating the unscoped value, the value of this attribute, and the scope | |
scopeType | "attribute" or "inline" | attribute | Defines what format the attribute is to be encoded in, generally should be left alone |
Examples
<AttributeEncoder xsi:type="SAML1ScopedString" name="https://example.org/oldstyle" scopeType="attribute"/> <AttributeEncoder xsi:type="SAML1ScopedString" name="https://example.org/newstyle" scopeDelimiter="#"/>
Notes
The AttributeNamespace XML attribute in SAML 1 is a nasty little piece of work that was badly defined and very inconsistently implemented (often nonsenically) by different implementations of SAML 1. Shibboleth used this attribute in a manner analagous to the SAML 2 NameFormat attribute that took its place, and defaults to using a URI constant we defined in the very earliest releases to signal that the AttributeName would be a URI and stand on its own. You will typically find that other implementations will require you to override this with some value they invent out of whole cloth. No value is right or wrong, it's an unfortunate mistake that just has to be worked around on a case by case basis.