AttributeDecoder

The <AttributeDecoder> element configures the component used to process the content of a SAML element undergoing extraction.

The decoder plugin is responsible for instantiating an object that subclasses the required internal class interface, while capturing any data necessary to properly expose the extracted value(s) to the SP and protected applications. It is the decoder plugin that actually understands how to process an attribute's values.

Decoder Types

Several different Attribute Decoders are available.  They are selected using the type= attribute.  Each type has its own Child Elements and Attributes, as well as sharing the common attributes

Common Attributes

Name

Type

Default

Description

xsi:typeXML schema type / QName
Plugin type name
caseSensitive booleantrueAllows the decoder to attach the proper case sensitivity setting to the attribute created. Attributes must carry this setting to enable proper comparison logic by access control plugins
internal booleanfalseAllows the decoder to attach the proper internal-only setting to the attribute created. Attributes can carry this setting to hide themselves from CGI export.
hashAlgstring
Name of a hashing algorithm to apply to the decoded attribute's serialized values before caching them. Internally, this turns any source attribute object into a simple/string-valued attribute whose values are the result of hashing the original values that would have been placed into the mapped header(s). The algorithm names to use here are dependent on the cryptographic library that supplies the hashing. In the case of OpenSSL, they're simple names like "SHA1" or "SHA256"
langAwarebooleanfalseIf true, the decoding process changes from "decode all values" to "find the value whose xml:lang attribute best matches the combination of the client's requested language preference(s) and any server-imposed defaults". If no match is found, a single unspecified value is selected. All other values are ignored.