DOM AttributeDecoder

Owned by Rod Widdowson
Last updated: Mar 11, 2019 by Takeshi NishimuraVersion comment
2 min read

The decoder, indicated by xsi:type="DOMAttributeDecoder", processes SAML attribute values as an arbitrary XML DOM tree.

This plugin is a somewhat experimental attempt at providing limited support for "rich" XML-valued attribute information. It works best on XML structures without embedded "repeating" elements. Only limited support for accessing the iterated data is included.

The main limitation of this mechanism is that for the SP to provide a useful function, it has to be able to simplify the XML into a string. Otherwise the application might just as well parse the SAML assertion directly, and that may often be the better approach. However, if the XML structure is sufficiently simple, the decoder plugin offers the ability to pull information out of it using a quick and dirty notation as follows:

  1. XML attributes and child elements can be jointly accessed by specifying the attribute or element name (or its remapped name, see below).
  2. Nested elements can be navigated by separating parent and child with a period (.) character.
  3. Lists of repeating child elements can be indexed using the typical array notation ([n]) and the zero-based index of the child to access. Out of range accessors simply return nothing as a resulting string. A zero index is ignored if no list is present.
  4. If a list is encountered without an array index specified, the first element in the list is accessed automatically.


Attributes

Any of the Common Attributes can be specified In addition the following can be used

Name

Type

Default

Description

formatter 
stringrequiredA required formatting string that turns the XML content into a flat string. The string contains one or more substitution tags consisting of a dollar sign ($) followed by a "path specifier", as described above. Other characters are echoed through to the constructed string.

Child Elements

Name

Cardinality

Description

<Mapping >0 or 1

Allows an XML attribute or element to be "mapped" into a shorter or qualified name in the resulting structured representation of the data. The purpose of this feature is to allow for namespace-qualified XML by allowing qualified names to be turned into local "tags" that don't require the two part structure of a qualified name.
Attributes

Name

Type

Default

Description

from QNAMERequiredA required XML attribute identifying the qualified attribute or element name to map
to stringRequiredA required XML attribute identifying the internal name to use when storing the mapped attribute or element.

Example

As an example, consider this rich SAML 1.1 attribute:

<saml:Attribute AttributeName="https://example.org/personalprofile" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
    <saml:AttributeValue>
        <prof:Profile xmlns:prof="https://example.org/personalprofile">
            <prof:Name>
                <prof:First>John</prof:First>
                <prof:Last>Doe</prof:Last>
            </prof:Name>
            <prof:Email>doe@example.org</prof:Email>
            <prof:Email>jdoe@gmail.com</prof:Email>
        </prof:Profile>
    </saml:AttributeValue>
</saml:Attribute>

The following attribute declaration will produce a value of "John Doe, jdoe@gmail.com"

<Attribute name="https://example.org/personalprofile">
    <AttributeDecoder xsi:type="DOMAttributeDecoder" formatter="$Profile.Name.First $Profile.Name.Last, $Profile.Email.[1]"/>
</Attribute>