Page tree
Skip to end of metadata
Go to start of metadata

SAML 1 Scoped String Attribute Encoder

The SAML 1 scoped string attribute encoder creates SAML 1 <Attribute> elements from resolved scoped attributes with <AttributeValue> elements for each value. The content of these <AttributeValue> elements is a string and the scope value of the containing <AttributeDefinition>. The method of combining this scope value is configurable. This encoder is only used for SAML 1 messages and will be ignored when the IdP is answering other protocol messages.

This encoder will convert the values of the attribute it is attached into strings by means of the Object.toString() method.

Define the Encoder

Attribute encoders are defined in a <resolver:AttributeDefinition> after all <resolver:Dependency>.

To define a new SAML 1 scoped string attribute encoder, create a <resolver:AttributeEncoder xsi:type="SAML1ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"> with the following required attributes:

  • name: Becomes the AttributeName attribute on the created SAML 1 <Attribute> element.

and the following optional attributes:

  • namespace: Becomes the AttributeNamespace attribute on the created SAML 1 <Attribute> element. Defaults to urn:mace:shibboleth:1.0:attributeNamespace:uri.
  • scopeType: Defines how the scope value should be combined with the base attribute value; valid values are inline (<AttributeValue>member@example.org</AttributeValue>) and attribute (<AttributeValue Scope="example.org">member</AttributeValue>). Defaults to attribute for backward compatibility with Shibboleth 1.x, but inline is likely to be more globally compatible.
  • scopeAttribute: When using a scopeType value of attribute, defines the name of the attribute which will be added to the created SAML 1 <AttributeValue> to convey the scope value. Defaults to Scope for compatibility with Shibboleth 1.x.
  • scopeDelimiter: When using a scopeType value of inline, defines the string used to separate the attribute value from the scope value. Defaults to @.
SAML 1 Scoped String Attribute Encoder within a Scoped Attribute Definition
<resolver:AttributeDefinition id="UNIQUE_ID" xsi:type="ad:Scoped">

     <resolver:Dependency ref="DEFINITION_ID_1" />
     <resolver:Dependency ref="CONNECTOR_ID_1" />

     <resolver:AttributeEncoder xsi:type="SAML1ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                name="ATTRIBUTE_NAME_1" />

     <resolver:AttributeEncoder xsi:type="SAML1ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                name="ATTRIBUTE_NAME_2"
                                namespace="ATTRIBUTE_NAMESPACE" 
                                scopeType="attribute" 
                                scopeAttribute="ATTRIBUTE_SCOPE_ATTRIBUTE_NAME" />

     <resolver:AttributeEncoder xsi:type="SAML1ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                name="ATTRIBUTE_NAME_3"
                                namespace="ATTRIBUTE_NAMESPACE" 
                                scopeType="inline" 
                                scopeDelimiter="ATTRIBUTE_SCOPE_DELIMITER" />

</resolver:AttributeDefinition>

Defining more than one attribute encoder allows a deployer to transform a single attribute into multiple <Attribute> elements with different names and/or namespaces.

  • No labels