The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.
SAML1AttributeTranscoderConfiguration
- Scott Cantor
- Ian Young
Overview
A set of built-in transcoders supporting SAML 1 <Attribute> and <AttributeDesignator> objects is provided that support the most frequently needed value types. Most of them support a common set of properties, documented below; a few other properties are defined for specific transcoder types. Since they largely all do the same thing in the same way, they're documented here together.
A particular property of the SAML schema is that <AttributeDesignator> cannot have values while <Attribute> MUST have them, so there are some built-in enforcement checks.
Note that <AttributeDesignator> elements can be mapped to and from IdPRequestedAttribute objects but the conversion is lossy due to the lack of an isRequired property in SAML and the inability to express requested values.
Common Properties
In addition to the generic properties, all SAML 1 transcoders support the following:
Name | Req? | Type | Default | Description |
|---|---|---|---|---|
saml1.name | Y | String |
| The |
saml1.namespace |
| String | urn:mace:shibboleth:1.0:attributeNamespace:uri | The |
saml1.encodeType |
| Boolean | true | Whether to encode values with an |
Note the default for “saml1.namespace” above. If your desired inbound or outbound syntax does not include the AttributeName XML Attribute or relies on a different value, then you MUST set it explicitly in the rule.
Transcoder Types
There are 4 built-in subtypes of SAML 1 transcoders, as follows. Each one is predefined as a Spring bean for use in rules using the "short" name of the class, as enumerated in the TranscodingRuleConfiguration reference section.
SAML1StringAttributeTranscoder
The simplest and most commonly used transcoder, it supports encoding and decoding internal values from and to the StringAttributeValue class. It supports no additional properties.
SAML1ScopedStringAttributeTranscoder
It supports encoding and decoding internal values from and to the ScopedStringAttributeValue class. It supports the following additional properties (all optional):
Name | Type | Default | Description |
|---|---|---|---|
saml1.scopeType | "inline" or "attribute" | "attribute" | The "style"/syntax with which to encode and decode the scope portion |
saml1.scopeAttributeName | String | Scope | The name of the XML attribute to encode and decode the scope portion when saml1.scopeType is "attribute" |
saml1.scopeDelimiter | String | @ | The character(s) to use to separate the value and scope when saml1.scopeType is "inline" |
SAML1ByteAttributeTranscoder
It supports encoding and decoding internal values from and to the ByteAttributeValue class, with a base64 transform applied. It supports no additional properties.
SAML1XMLObjectAttributeTranscoder
It supports encoding and decoding internal values from and to the XMLObjectAttributeValue class. It supports the following additional properties (all optional):
Name | Type | Default | Description |
|---|---|---|---|
saml1.includeAttributeValue | Boolean | false | When decoding, controls whether the decoded XMLObject is actually the |