Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device.
Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device. Atlassian cookies and tracking notice, (opens new window)
The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.
The SAML1ScopedString attribute encoder encodes an IdPAttribute with "scoped" string values as a SAML 1 Attribute. This encoder typically places the scope portion into a separate XML attribute.
Reference
Name
Type
Req?
Default
Description
Name
Type
Req?
Default
Description
name
String
Y
Value to put into the AttributeName attribute of the output <AttributeValue> elements
namespace
String
urn:mace:shibboleth:1.0:attributeNamespace:uri
Value to put into the AttributeNamespace attribute of the output <AttributeValue> elements
scopeAttribute
String
Scope
If scopeType is "attribute", then the scope is passed an XML attribute inside the <AttributeValue> elements with this name while the (unscoped) value is passed in the content of the element
scopeDelimiter
String
@
If scopeType is "inline", then the output <AttributeValue> element content is constructed by concatenating the unscoped value, the value of this attribute, and the scope
scopeType
"attribute" or "inline"
attribute
Defines what format the attribute is to be encoded in, generally should be left alone
Name
Type
Default
Description
encodeType
boolean
true
Controls whether the output form will contain an encoder-specific indication of the data type of the values. In XML, this takes the form of xsi:type attributes, which greatly bloat the size and generally should be avoided for string-valued data. The default is to continue to output the information, but we suggest disabling it in newer deployments and after testing against existing services.
activationConditionRef
Bean Reference
Bean ID of a condition bean that determines whether the encoder should be active, described further here. Mutually exclusive with relyingParties attribute and <ActivationConditionScript> element
relyingParties
whitespace-delimited list
List of entity IDs for which this Attribute Encoder should be active. Mutually exclusive with activationConditionRef attribute and <ActivationConditionScript> element
Name
Cardinality
Description
Name
Cardinality
Description
<ActivationConditionScript>
0 or 1
Optional embedded script to supply an activation condition for the encoder. Mutually exclusive with the activationConditionRef and relyingParties XML Attributes.
The AttributeNamespace XML attribute in SAML 1 is a nasty little piece of work that was badly defined and very inconsistently implemented (often nonsensically) by different implementations of SAML 1. Shibboleth used this attribute in a manner analagous to the SAML 2 NameFormat attribute that took its place, and defaults to using a URI constant we defined in the very earliest releases to signal that the AttributeName would be a URI and stand on its own. You will typically find that other implementations will require you to override this with some value they invent out of whole cloth. No value is right or wrong, it's an unfortunate mistake that just has to be worked around on a case by case basis.