Page tree
Skip to end of metadata
Go to start of metadata

The Scoped attribute definition applies a (fixed) scope, typically a domain-valued suffix, to an input attribute's values. The resulting attribute can be used as input to the SAML2ScopedStringEncoder and SAML1ScopedStringAttributeEncoder attribute encoders.

Schema Name and Location

This xsi:type is defined in the urn:mace:shibboleth:2.0:resolver namespace 3.3, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Prior to V3.3 supplied plugins were defined by a schema type in the urn:mace:shibboleth:2.0:resolver:ad namespace, the schema for which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-ad.xsd. This is still supported, but every element or type in the old namespace has an equivalently named (but not necessarily identical) version in the urn:mace:shibboleth:2.0:resolver namespace. The use of the urn:mace:shibboleth:2.0:resolver namespace also allows a relaxation of the ordering requirements of child elements to reduce strictness.

Attributes

Any of the common attributes can be specified.

In addition, the scope attribute must be present, and provides the scope/suffix to use. In the default configuration, the scope value is pulled from the idp.scope property in conf/idp.properties

Child Elements

Any of the common elements can be specified.

Example

<AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}">
    <InputAttributeDefinition ref="uid" />
    <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
    <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
</AttributeDefinition>
  • No labels