DelegationAttributeExtractor

Overview

Identified by type="Delegation", this AttributeExtractor allows content from within a SAML DelegationRestriction condition to be extracted and passed to an application as an attribute. This allows for finer-grained control over delegation at an SP. The information that's eventually expressed in string form to the application is controlled by a formatter XML attribute that can reference specific content from within the <del:Delegate> elements in the condition.

Reference

Attributes

The following XML attributes are supported by this type:

Name	Type	Req?	Description

Name

Type

Req?

Description

attributeId

string

Y

SP attribute name to populate

formatter

string

An expression containing any number of "substitution" variables starting with a '$' character that reference information from the <del:Delegate> element.

The set of formatter variables consists of:

Information derived from the corresponding content of the <saml2:NameID> element found within the <del:Delegate> element. Typically delegates are SAML entities that are named by entityIDs and only the $Name property is relevant.
- $Name
- $Format
- $NameQualifier
- $SPNameQualifier
- $SPProvidedID
A SAML confirmation method URI that identifies how the delegate confirmed its identity to the IdP.
- $ConfirmationMethod
The time at which the delegate confirmed its identity to the IdP.
- $DelegationInstant