The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.

SAML2AttributeTranscoderConfiguration

Overview

A set of built-in transcoders supporting SAML 2.0 <Attribute> and <md:RequestedAttribute> objects is provided that support the most frequently needed value types. Most of them support a common set of properties, documented below; a few other properties are defined for specific transcoder types. Since they largely all do the same thing in the same way, they're documented here together.

A particular property of the SAML schema is that <Attribute> and <md:RequestedAttribute> both carry zero or more <AttributeValue> children, so it's allowed in general for the transcoders to be asked to generate objects with no values in either direction but may be inappropriate and prevented in specific cases.

Note that <md:RequestedAttribute> elements can be mapped to and from IdPRequestedAttribute objects with the isRequired property correspondingly set.

Common Properties

In addition to the generic properties, all SAML 2 transcoders support the following:

Name

Req?

Type

Default

Description

Name

Req?

Type

Default

Description

saml2.name

Y

String

 

The <Attribute> Name  to map to and from

saml2.nameFormat

 

URI

urn:oasis:names:tc:SAML:2.0:attrname-format:uri

The <Attribute> NameFormat to map to and from

saml2.friendlyName

 

 

When encoding, the input IdPAttribute's ID

The <Attribute> FriendlyName to encode

saml2.encodeType

 

Boolean

true                                                                               

Whether to encode values with an xsi:type attached

Note the default for “saml2.nameFormat” above. If your desired inbound or outbound syntax does not include the NameFormat XML Attribute or relies on a different value, then you MUST set it explicitly in the rule.

Transcoder Types

There are 4 built-in subtypes of SAML 2 transcoders, as follows. Each one is predefined as a Spring bean for use in rules using the "short" name of the class, as enumerated in the TranscodingRuleConfiguration reference section.

SAML2StringAttributeTranscoder

The simplest and most commonly used transcoder, it supports encoding and decoding internal values from and to the StringAttributeValue class. It supports no additional properties.

SAML2ScopedStringAttributeTranscoder

It supports encoding and decoding internal values from and to the ScopedStringAttributeValue class. It supports the following additional properties (all optional):

Name

Type

Default

Description

Name

Type

Default

Description

saml2.scopeType

"inline" or "attribute"

"inline"

The "style"/syntax with which to encode and decode the scope portion

saml2.scopeAttributeName

String

Scope

The name of the XML attribute to encode and decode the scope portion when saml2.scopeType is "attribute"

saml2.scopeDelimiter

String

@

The character(s) to use to separate the value and scope when saml2.scopeType is "inline"

SAML2DateTimeAttributeTranscoder 4.3

It supports encoding and decoding internal values from and to the DateTimeAttributeValue class. It supports the following additional properties (all optional):

Name

Type

Default

Description

Name

Type

Default

Description

saml2.epochUnits

“s“ or “ms”

“s”

When decoding, controls the handling of integer values (or strings in that form) when converting to an Instant. The default (“s”) is to handle the value as seconds, while “ms” means to handle as milliseconds. Java tends to deal in the latter but the traditional handling (e.g., C/C++) tend to be in seconds.

SAML2ByteAttributeTranscoder

It supports encoding and decoding internal values from and to the ByteAttributeValue class, with a base64 transform applied. It supports no additional properties.

SAML2XMLObjectAttributeTranscoder

It supports encoding and decoding internal values from and to the XMLObjectAttributeValue class. It supports the following additional properties (all optional):

Name

Type

Default

Description

Name

Type

Default

Description

saml2.includeAttributeValue

Boolean

false

When decoding, controls whether the decoded XMLObject is actually the <AttributeValue> element itself, or its child element