<AttributeDecoder> element configures the component used to process the content of a SAML element undergoing extraction.
The decoder plugin is responsible for instantiating an object that subclasses the required internal class interface, while capturing any data necessary to properly expose the extracted value(s) to the SP and protected applications. It is the decoder plugin that actually understands how to process an attribute's values.
Several different Attribute Decoders are available. They are selected using the
type= attribute. Each type has its own Child Elements and Attributes, as well as sharing the common attributes
|XML schema type / QName||Plugin type name|
|boolean||true||Allows the decoder to attach the proper case sensitivity setting to the attribute created. Attributes must carry this setting to enable proper comparison logic by access control plugins|
|boolean||false||Allows the decoder to attach the proper internal-only setting to the attribute created. Attributes can carry this setting to hide themselves from CGI export.|
|string||Name of a hashing algorithm to apply to the decoded attribute's serialized values before caching them. Internally, this turns any source attribute object into a simple/string-valued attribute whose values are the result of hashing the original values that would have been placed into the mapped header(s). The algorithm names to use here are dependent on the cryptographic library that supplies the hashing. In the case of OpenSSL, they're simple names like "SHA1" or "SHA256"|
|boolean||false||If true, the decoding process changes from "decode all values" to "find the value whose |
xml:lang attribute best matches the combination of the client's requested language preference(s) and any server-imposed defaults". If no match is found, a single unspecified value is selected. All other values are ignored.