SAML2NameIDTranscoderConfiguration
This feature requires V5.2+ of the IdP software.
Overview
A set of built-in decoders supporting SAML 2.0 <NameID> objects is provided. They support a common set of properties, documented below; a few other properties are defined for specific transcoder types. Since they largely all do the same thing in the same way, they're documented here together.
Because of the specialized nature of the <NameID> construct, a bit of historical baggage, and the fact that a <NameID> is often not sourced directly from an IdPAttribute, these components only support decoding from a <NameID> into an IdPAttribute, but not encoding the other direction. The existing NameIDGenerationConfiguration continues to be used for this purpose.
Common Properties
In addition to the generic properties, all SAML 2 <NameID> transcoders support the following:
Name | Type | Default | Description |
|---|---|---|---|
saml2.nameFormat | String | | The The property name was carried over from the attribute-based transcoders for consistency even though the XML Attribute is named differently. |
saml2.defaultQualifiers | Boolean | false | Whether to default in the values of the NameQualifier and SPNameQualifier XML Attributes from the transaction/request if absent |
saml2.valueTemplate | String | $Name!!$NameQualifier!!$SPNameQualifier | A formatting string to use when translating the XML into a String, by specifying where the three components should be placed. The four supported replacement values are:
Note that very few (essentially only “persistent”) SAML |
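An added example, not code from this page or from the Shibboleth project: a small Python model of how saml2.valueTemplate and saml2.defaultQualifiers shape the decoded string, and of how dropping the qualifiers from the template makes identically valued identifiers indistinguishable. The function, its parameters, the sample entity IDs, the empty-string substitution and the source of the defaulted qualifiers are assumptions; only the three placeholders that appear in the default template are modelled.

```python
import re
import xml.etree.ElementTree as ET

DEFAULT_TEMPLATE = "$Name!!$NameQualifier!!$SPNameQualifier"  # default from the table
# Longest names first so "$Name" never consumes the start of "$NameQualifier".
_PLACEHOLDER = re.compile(r"\$(SPNameQualifier|NameQualifier|Name)")


def decode_name_id(xml_text, template=DEFAULT_TEMPLATE, default_qualifiers=False,
                   asserting_party=None, relying_party=None):
    """Model of decoding one <NameID> element into a single string value."""
    elem = ET.fromstring(xml_text)
    name_qualifier = elem.get("NameQualifier")
    sp_name_qualifier = elem.get("SPNameQualifier")
    if default_qualifiers:
        # Assumption: absent qualifiers are taken from the two parties to the transaction.
        name_qualifier = name_qualifier or asserting_party
        sp_name_qualifier = sp_name_qualifier or relying_party
    fields = {
        "Name": (elem.text or "").strip(),
        # Assumption: a qualifier that is still absent is substituted as an empty string.
        "NameQualifier": name_qualifier or "",
        "SPNameQualifier": sp_name_qualifier or "",
    }
    return _PLACEHOLDER.sub(lambda m: fields[m.group(1)], template)


# Constructed samples: the same identifier content under two different NameQualifiers.
NS = 'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
FMT = 'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"'
FROM_IDP_A = (f'<saml:NameID {NS} {FMT} NameQualifier="https://idp-a.example.org" '
              'SPNameQualifier="https://sp.example.org">k3Jx9</saml:NameID>')
FROM_IDP_B = (f'<saml:NameID {NS} {FMT} NameQualifier="https://idp-b.example.org" '
              'SPNameQualifier="https://sp.example.org">k3Jx9</saml:NameID>')
UNQUALIFIED = f'<saml:NameID {NS} {FMT}>k3Jx9</saml:NameID>'

if __name__ == "__main__":
    for xml_text in (FROM_IDP_A, FROM_IDP_B):
        print(decode_name_id(xml_text), "|", decode_name_id(xml_text, template="$Name"))
    print(decode_name_id(UNQUALIFIED))
    print(decode_name_id(UNQUALIFIED, default_qualifiers=True,
                         asserting_party="https://idp-a.example.org",
                         relying_party="https://sp.example.org"))
```

Under the default template the two qualified samples decode to different strings, while a template of only `$Name` collapses both to the same value.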
Transcoder Types
There are 2 built-in subtypes of SAML 2 <NameID> transcoders, as follows. Each one is predefined as a Spring bean for use in rules using the "short" name of the class, as enumerated in the TranscodingRuleConfiguration reference section.
SAML2StringNameIDTranscoder
The simplest and most commonly used transcoder, it supports decoding <NameID> elements into the StringAttributeValue class. There are no additional properties supported.
SAML2ScopedStringNameIDTranscoder
Supports decoding <NameID> elements into the ScopedStringAttributeValue class. This is typically only used when a formally “scoped” SAML <Attribute> has been expressed as a <NameID>. It supports the following additional properties (all optional):
Name | Type | Default | Description |
|---|---|---|---|
saml2.scopeDelimiter | String | @ | The character(s) to use to separate the value and scope when processing the element’s contents. |
Note that the qualifier(s) (which should normally be omitted in these cases) are not considered part of the “scope” as that concept has a different meaning in Shibboleth.