KeyInfo AttributeDecoder

The decoder, indicated by xsi:type="KeyInfoAttributeDecoder", processes SAML attribute values that take the form of a <ds:KeyInfo> element (or the equivalent schema type).

Its current capability is to rely on a KeyInfoResolver plugin to transform the input data into a public key, after which it is DER-encoded into its SubjectPublicKeyInfo form and then base64-encoded.

Attributes

Any of the Common Attributes can be specified. In addition, the following can be used:

| Name | Type | Default | Description |
|---|---|---|---|
| hash | boolean | false | If set to true, the resulting DER-encoded key values are hashed via SHA-1 before being base64-encoded. Note that this is a different hashing operation than the generic one supported with the hashAlg attribute, described under common attributes. |
| keyInfoHashAlg | string | "SHA1" | Optional name of hashing algorithm to use if the hash option is enabled. The algorithm names to use here are dependent on the cryptographic library that supplies the hashing. In the case of OpenSSL, they're simple names like "SHA1" or "SHA256". |

Child Elements

| Name | Cardinality | Description |
|---|---|---|
| <KeyInfoResolver> | 0 or 1 | Allows an alternate implementation to be supplied for mapping the data inside a <ds:KeyInfo> structure into a public key. The default implementation used, if no plugin is specified, is an "inline" implementation that understands <ds:KeyValue> and <ds:X509Certificate> content. |

Example

<TBD/>
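The transformation described above (public key to DER SubjectPublicKeyInfo to base64, with the optional hash step) can be reproduced outside the SP to check what value to expect for a given key. This is an added Python sketch, not Shibboleth code: the function names and the sample <ds:KeyInfo> are constructed for illustration, it handles only <ds:KeyValue> with an RSAKeyValue, and it assumes the digest is base64-encoded as raw bytes, as the hash description states.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# DER AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL params)
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der(tag, body):
    """Encode one DER TLV using definite-length encoding."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_uint(raw):
    """Encode an unsigned big-endian value as a minimal DER INTEGER."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:  # prepend 0x00 so the INTEGER stays positive
        raw = b"\x00" + raw
    return der(0x02, raw)

def spki_from_keyinfo(xml_text):
    """Build SubjectPublicKeyInfo DER from a ds:KeyInfo holding an RSAKeyValue."""
    rsa = ET.fromstring(xml_text).find(f"{DS}KeyValue/{DS}RSAKeyValue")
    if rsa is None:
        raise ValueError("only ds:KeyValue/ds:RSAKeyValue is handled in this sketch")
    n = base64.b64decode(rsa.findtext(f"{DS}Modulus"))
    e = base64.b64decode(rsa.findtext(f"{DS}Exponent"))
    rsa_public_key = der(0x30, der_uint(n) + der_uint(e))
    # BIT STRING body starts with the unused-bits count (0)
    return der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + rsa_public_key))

def decoded_value(xml_text, hash_enabled=False, key_info_hash_alg="SHA1"):
    """base64(SPKI), or base64(digest(SPKI)) when hash_enabled mirrors hash="true"."""
    data = spki_from_keyinfo(xml_text)
    if hash_enabled:
        data = hashlib.new(key_info_hash_alg.lower(), data).digest()
    return base64.b64encode(data).decode("ascii")

# Constructed sample: toy 16-bit modulus 0xC5A3, exponent 65537. Not a real key.
SAMPLE = """<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:KeyValue><ds:RSAKeyValue>
    <ds:Modulus>xaM=</ds:Modulus><ds:Exponent>AQAB</ds:Exponent>
  </ds:RSAKeyValue></ds:KeyValue>
</ds:KeyInfo>"""

if __name__ == "__main__":
    print(decoded_value(SAMPLE))
    print(decoded_value(SAMPLE, hash_enabled=True, key_info_hash_alg="SHA256"))
```

Because the hashed form is computed over the SubjectPublicKeyInfo bytes, it will not match a certificate fingerprint for the same key.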