Scoped AttributeDecoder

The decoder, indicated by xsi:type="ScopedAttributeDecoder", treats the SAML attribute's values as a two-part relational construct consisting of a left-hand side (the "value") and a right-hand side (the "scope").

During processing, both halves are tracked independently and exposed either as a flattened string or individually, depending on how the object is being used.

Typically, an attribute's scope gives an indication of the domain in which an attribute's value applies; for example, staff@example.org represents a staff member at Example Organization, and the scope is example.org. However, it may not be desirable to allow staff@osu.edu to be asserted by the Brown University IdP. The specialized processing of this decoder facilitates these kinds of distinctions by tieing in to a common metadata extension.

Scoped attribute processing accomodates multiple XML syntaxes for passing scoped values, including the legacy form supported by Shibboleth 1.x and parsing strings containing an arbitrary delimiter.

Attributes

Any of the Common Attributes can be specified, additionally

Name

Type

Default

Description

scopeDelimiter 
character@The character used to delimit the value from the scope in a flattened source string

Example

<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>