AssertionAttributeExtractor
Overview
Identified by type="Assertion", this AttributeExtractor allows well-defined content from within a SAML Assertion to be extracted and passed to an application as an attribute. This supplements the support for extracting a fixed set of information from the assertion and populating well-defined variables/headers (e.g., the Shib-Identity-Provider header and so forth).
Reference
Attributes
The following XML attributes are supported by this type:
Name | Type | Description |
---|---|---|
Consent | string | Names the SP attribute to carry the value of the Consent attribute found in the response that delivered the assertion |
AuthenticatingAuthority | string | Names the SP attribute to carry the value(s) of the <AuthenticatingAuthority> element(s) found in the assertion |
AuthnContextClassRef | string | Names the SP attribute to carry the value of the <AuthnContextClassRef> element or AuthenticationMethod attribute found in the assertion. Equivalent to the built-in Shib-AuthnContext-Class and Shib-Authentication-Method variables. |
AuthnContextDeclRef | string | Names the SP attribute to carry the value of the <AuthnContextDeclRef> element found in the assertion. Equivalent to the built-in Shib-AuthnContext-Decl variable. |
AuthnInstant | string | Names the SP attribute to carry the value of the AuthnInstant attribute found in the assertion. Equivalent to the built-in Shib-Authentication-Instant variable |
Issuer | string | Names the SP attribute to carry the value of the <Issuer> element found in the assertion. Equivalent to the built-in Shib-Identity-Provider variable. |
IssuerFormat 3.2 | string | Names the SP attribute to carry the value of the Format attribute in the <Issuer> element found in the assertion |
NotBefore 3.2 | string | Names the SP attribute to carry the value of the NotBefore attribute found in the assertion's <Conditions> element |
NotOnOrAfter | string | Names the SP attribute to carry the value of the NotOnOrAfter attribute found in the assertion's <Conditions> element |
SessionIndex | string | Names the SP attribute to carry the value of the SessionIndex attribute found in the assertion. Equivalent to the built-in Shib-Session-Index variable. |
SessionNotOnOrAfter | string | Names the SP attribute to carry the value of the SessionNotOnOrAfter attribute found in the assertion |
Address | string | Names the SP attribute to carry the value of the Address attribute found in the assertion's <SubjectLocality> element |
DNSName | string | Names the SP attribute to carry the value of the DNSName attribute found in the assertion's <SubjectLocality> element |
Example
Example equivalent to current standard headers
<AttributeExtractor type="Assertion"
    Issuer="Shib-Identity-Provider"
    AuthnInstant="Shib-Authentication-Instant"
    AuthnContextClassRef="Shib-AuthnContext-Class"
    AuthnContextDeclRef="Shib-AuthnContext-Decl"
    SessionIndex="Shib-Session-Index"
/>
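The sketch below is an added illustration, not Shibboleth SP code: it models the mapping in the table above for a SAML 2.0 assertion, showing where each setting's value is read from and how the setting's value becomes the SP attribute name. The SP attribute names idpSeenAddress and authnAuthorities and the sample assertion are constructed for the example; Consent (taken from the enclosing response) and the SAML 1.1 AuthenticationMethod attribute are left out, and the assertion is assumed to have been validated already.

```python
# Illustrative model of the table above; not the SP's implementation.
# Assumes an already-validated SAML 2.0 assertion (no signature checks here).
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
STMT = "saml:AuthnStatement"
CTX = STMT + "/saml:AuthnContext"

# Extractor setting -> (path below <Assertion>, XML attribute; None = element text)
SOURCES = {
    "Issuer": ("saml:Issuer", None),
    "IssuerFormat": ("saml:Issuer", "Format"),
    "NotBefore": ("saml:Conditions", "NotBefore"),
    "NotOnOrAfter": ("saml:Conditions", "NotOnOrAfter"),
    "AuthnInstant": (STMT, "AuthnInstant"),
    "SessionIndex": (STMT, "SessionIndex"),
    "SessionNotOnOrAfter": (STMT, "SessionNotOnOrAfter"),
    "Address": (STMT + "/saml:SubjectLocality", "Address"),
    "DNSName": (STMT + "/saml:SubjectLocality", "DNSName"),
    "AuthnContextClassRef": (CTX + "/saml:AuthnContextClassRef", None),
    "AuthnContextDeclRef": (CTX + "/saml:AuthnContextDeclRef", None),
    "AuthenticatingAuthority": (CTX + "/saml:AuthenticatingAuthority", None),
}

def extract(assertion_xml, settings):
    """settings maps an extractor setting to the SP attribute name it should fill."""
    root = ET.fromstring(assertion_xml)
    out = {}
    for setting, sp_name in settings.items():
        path, xml_attr = SOURCES[setting]
        for el in root.findall(path, NS):
            value = el.get(xml_attr) if xml_attr else (el.text or "").strip()
            if value:  # absent content produces no SP attribute at all
                out.setdefault(sp_name, []).append(value)
    return out

# Constructed sample assertion; every value is made up.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z"/>
  <saml:AuthnStatement AuthnInstant="2024-01-01T09:59:30Z" SessionIndex="_abc123">
    <saml:SubjectLocality Address="192.0.2.10"/>
    <saml:AuthnContext>
      <saml:AuthenticatingAuthority>https://proxy.example.org/idp</saml:AuthenticatingAuthority>
      <saml:AuthenticatingAuthority>https://home.example.edu/idp</saml:AuthenticatingAuthority>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    # idpSeenAddress / authnAuthorities are hypothetical SP attribute names.
    print(extract(SAMPLE, {"Issuer": "Shib-Identity-Provider", "Address": "idpSeenAddress",
                           "AuthenticatingAuthority": "authnAuthorities"}))
```

An application that receives a value such as idpSeenAddress can compare it with the client address it observes, and a multi-valued attribute such as authnAuthorities exposes each <AuthenticatingAuthority> entry separately.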