SAML 2 Base64 Attribute Encoder
The SAML 2 Base64 attribute encoder creates SAML 2 <Attribute> elements from resolved attributes, with an <AttributeValue> element for each value. The content of these <AttributeValue> elements is a Base64-encoded byte array. This encoder is only used for SAML 2 messages and will be ignored when the IdP is answering other protocol messages.
Please Note
- The LDAP data connector will Base64-encode values of attributes that are marked as binary (see Other Connection Properties), so you should use a normal string attribute encoder for such attributes.
- This encoder only operates on attributes whose values are byte arrays. It will not attempt to convert values of other types into a byte array.
Define the Encoder
Attribute encoders are defined in a <resolver:AttributeDefinition> after all <resolver:Dependency>.
To define a new SAML 2 Base64 attribute encoder, create a <resolver:AttributeEncoder xsi:type="SAML2Base64" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"> with the following required attributes:
- name - this becomes the Name attribute on the created SAML 2 <Attribute> element
and the following optional attributes:
- nameFormat - this becomes the NameFormat attribute on the created SAML 2 <Attribute> element (default value: urn:oasis:names:tc:SAML:2.0:attrname-format:uri)
- friendlyName - this becomes the FriendlyName attribute on the created SAML 2 <Attribute> element
<resolver:AttributeDefinition id="UNIQUE_ID" xsi:type="ad:Simple">
    <resolver:Dependency ref="DEFINITION_ID_1" />
    <resolver:Dependency ref="DEFINITION_ID_2" />
    <resolver:Dependency ref="CONNECTOR_ID_3" />
    <resolver:Dependency ref="CONNECTOR_ID_4" />
    <resolver:AttributeEncoder xsi:type="SAML2Base64" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               name="ATTRIBUTE_NAME_1" />
</resolver:AttributeDefinition>
Defining more than one attribute encoder allows a deployer to transform a single attribute into multiple <Attribute> elements with different names, name formats, or friendly names.
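The mapping described on this page, modelled as an added Python example (not Shibboleth code and not part of the original page): it builds the <Attribute> element each encoder would produce, leaves non-byte-array values out, and decodes the result the way a relying party would. The OID, attribute names, sample values and the choice to model unconverted values as skipped are assumptions made for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DEFAULT_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
ET.register_namespace("saml", SAML_NS)


def encode_attribute(values, name, name_format=DEFAULT_NAME_FORMAT, friendly_name=None):
    """Model: one <Attribute>, one Base64 <AttributeValue> per byte-array value."""
    attr = ET.Element(f"{{{SAML_NS}}}Attribute", {"Name": name, "NameFormat": name_format})
    if friendly_name is not None:
        attr.set("FriendlyName", friendly_name)
    for value in values:
        # Only byte arrays are encoded; other types are never converted
        # (modelled here as skipped, which is an assumption).
        if isinstance(value, (bytes, bytearray)):
            av = ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue")
            av.text = base64.b64encode(bytes(value)).decode("ascii")
    return attr


def decode_attribute(xml_text):
    """Relying-party side: strict Base64 decode of every <AttributeValue>.
    Assumes the enclosing assertion's signature was already validated."""
    attr = ET.fromstring(xml_text)
    values = [base64.b64decode(av.text.strip(), validate=True)
              for av in attr.findall(f"{{{SAML_NS}}}AttributeValue")]
    return attr.get("Name"), attr.get("NameFormat"), attr.get("FriendlyName"), values


# Constructed sample: two binary values and one string the encoder must not touch.
SAMPLE_VALUES = [b"\x30\x82\x01\x0a", bytearray(b"\x00\xffbinary"), "plain string"]

# Two encoders on one attribute definition yield two <Attribute> elements.
ENCODERS = [
    {"name": "urn:oid:1.2.3.4.5", "friendly_name": "exampleBinary"},  # hypothetical OID
    {"name": "exampleBinary",
     "name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"},
]


def run_encoders():
    return [ET.tostring(encode_attribute(SAMPLE_VALUES, **enc), encoding="unicode")
            for enc in ENCODERS]


if __name__ == "__main__":
    for xml_text in run_encoders():
        print(xml_text)
        print(decode_attribute(xml_text))
```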