AssertionAttributeExtractor

Overview

Identified by type="Assertion", this AttributeExtractor allows well-defined content from within a SAML Assertion to be extracted and passed to an application as an attribute. This supplements the support for extracting a fixed set of information from the assertion and populating well-defined variables/headers (e.g., the Shib-Identity-Provider header and so forth).

Reference

Attributes

The following XML attributes are supported by this type:

Name

Type

Description

Name

Type

Description

Consent

string

Names the SP attribute to carry the value of the Consent attribute found in the response that delivered the assertion

AuthenticatingAuthority

string

Names the SP attribute to carry the value(s) of the <AuthenticatingAuthority> element(s) found in the assertion

AuthnContextClassRef

string

Names the SP attribute to carry the value of the <AuthnContextClassRef> element or AuthenticationMethod attribute found in the assertion. Equivalent to the built-in Shib-AuthnContext-Class and Shib-Authentication-Method variables.

AuthnContextDeclRef

string

Names the SP attribute to carry the value of the <AuthnContextDeclRef> element found in the assertion. Equivalent to the built-in Shib-AuthnContext-Decl variable.

AuthnInstant

string

Names the SP attribute to carry the value of the AuthnInstant attribute found in the assertion. Equivalent to the built-in Shib-Authentication-Instant variable

Issuer

string

Names the SP attribute to carry the value of the <Issuer> element found in the assertion. Equivalent to the built-in Shib-Identity-Provider variable.

IssuerFormat 3.2

string

Names the SP attribute to carry the value of the Format attribute in the <Issuer> element found in the assertion

NotBefore 3.2

string

Names the SP attribute to carry the value of the NotBefore attribute found in the assertion's <Conditions> element

NotOnOrAfter

string

Names the SP attribute to carry the value of the NotOnOrAfter attribute found in the assertion's <Conditions> element

SessionIndex

string

Names the SP attribute to carry the value of the SessionIndex attribute found in the assertion. Equivalent to the built-in Shib-Session-Index variable.

SessionNotOnOrAfter

string

Names the SP attribute to carry the value of the SessionNotOnOrAfter attribute found in the assertion

Address

string

Names the SP attribute to carry the value of the Address attribute found in the assertion's <SubjectLocality> element

DNSName

string

Names the SP attribute to carry the value of the DNSName attribute found in the assertion's <SubjectLocality> element

Example

Example equivalent to current standard headers
<AttributeExtractor type="Assertion" Issuer="Shib-Identity-Provider" AuthnInstant="Shib-Authentication-Instant" AuthnContextClassRef="Shib-AuthnContext-Class" AuthnContextDeclRef="Shib-AuthnContext-Decl" SessionIndex="Shib-Session-Index" />