Maps incoming SAML Attributes and/or NameID Formats into local variable/header names within the SP. The asterisk refers to the fact that this file should generally only be marked reloadable if you take care not to rely on HTTP request headers to consume the data.

Typical uses:
- Determining the data the SP consumes from IdPs and what to call it

Controls rules for accepting incoming data from IdPs. Comes with a useful set of default rules for certain kinds of attributes and usually needs little change beyond that.

Typical uses:
- Adding additional "scoped" attributes
- Rejecting certain attributes from certain IdPs (e.g. self-asserted names or email addresses)
- Adding custom attributes only valid for a specific IdP
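As an added example (not text from the original page), the two fragments below show how the mapping layer and the policy layer described above fit together: the first gives incoming SAML attributes local ids, the second decides which values the SP will accept. It assumes the Shibboleth SP's attribute-map.xml and attribute-policy.xml syntax, which this page does not name, and the IdP entityID https://idp.example.org/idp/shibboleth is a constructed placeholder.

```xml
<!-- attribute-map.xml (assumed file name): name the data the SP consumes.
     The id becomes the variable (or header) name the application sees. -->
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <!-- eduPersonPrincipalName is scoped (user@scope); the decoder splits the
         scope so the policy layer can check it against the IdP's metadata. -->
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
    </Attribute>

    <!-- mail is a plain string-valued attribute. -->
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
</Attributes>

<!-- attribute-policy.xml (assumed file name): rules for accepting the data.
     A value survives only if some matching policy permits it and none denies it. -->
<afp:AttributeFilterPolicyGroup
    xmlns="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <!-- In effect for every IdP: keep eppn values only when their scope is one
         the issuing IdP is authorised for in metadata, so an IdP cannot assert
         user@some-other-domain. mail is accepted as-is by default. -->
    <afp:AttributeFilterPolicy>
        <afp:PolicyRequirementRule xsi:type="ANY"/>
        <afp:AttributeRule attributeID="eppn">
            <afp:PermitValueRule xsi:type="AttributeScopeMatchesShibMDScope"/>
        </afp:AttributeRule>
        <afp:AttributeRule attributeID="mail">
            <afp:PermitValueRule xsi:type="ANY"/>
        </afp:AttributeRule>
    </afp:AttributeFilterPolicy>

    <!-- In effect for one IdP whose mail values are self-asserted by users:
         drop the attribute from that IdP while still accepting it from others.
         The entityID below is a constructed placeholder. -->
    <afp:AttributeFilterPolicy>
        <afp:PolicyRequirementRule xsi:type="AttributeIssuerString"
            value="https://idp.example.org/idp/shibboleth"/>
        <afp:AttributeRule attributeID="mail">
            <afp:DenyValueRule xsi:type="ANY"/>
        </afp:AttributeRule>
    </afp:AttributeFilterPolicy>
</afp:AttributeFilterPolicyGroup>
```

The mapping file only names the data; it is the policy file that turns an id like eppn into something the application can trust, which is why the scope check belongs there rather than in application code.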
Defines underlying default paths and low level details that allow the system to auto-configure itself via the <SSO>, <Logout>, etc. elements. It isn't usually modified by deployers. It could be reloadable but has no effect until the core configuration is reloaded.

Typical uses:
- Generally none, but could be used to alter the default paths where SAML messages are processed

Defines low-level rules for securing SAML message processing, and also supports explicitly turning off compromised cryptographic algorithms or overriding system defaults in that area. Rarely modified by deployers.

Typical uses:
- Adjusting algorithm rules if the system defaults aren't suitable
- Creating advanced rules for processing messages specific to particular IdPs (very unusual)