SAML 2 Base64 Attribute Encoder

The SAML 2 Base64 attribute encoder creates SAML 2 <Attribute> elements from resolved attributes with <AttributeValue> elements for each value. The content of these <AttributeValue> elements is a Base64 encoded byte array. This encoder is only used for SAML 2 messages and will be ignored when the IdP is answering other protocol messages.

Please Note

  • The LDAP data connector will Base64-encode the values of attributes that are marked as binary (see Other Connection Properties), so you should use a normal string attribute encoder for such attributes.
  • This encoder only operates on attributes whose values are byte arrays. It will not attempt to convert values of other types into a byte array.

Define the Encoder

Attribute encoders are defined in a <resolver:AttributeDefinition>, after all <resolver:Dependency> elements.

To define a new SAML 2 Base64 attribute encoder, create a <resolver:AttributeEncoder xsi:type="SAML2Base64" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"> with the following required attributes:

  • name - this becomes the Name attribute on the created SAML 2 <Attribute> element

and the following optional attributes:

  • nameFormat - this becomes the NameFormat attribute on the created SAML 2 <Attribute> element (default value: urn:oasis:names:tc:SAML:2.0:attrname-format:uri)
  • friendlyName - this becomes the FriendlyName attribute on the created SAML 2 <Attribute> element

SAML 2 Base64 Attribute Encoder within a Simple Attribute Definition

<resolver:AttributeDefinition id="UNIQUE_ID" xsi:type="ad:Simple">

     <resolver:Dependency ref="DEFINITION_ID_1" />
     <resolver:Dependency ref="DEFINITION_ID_2" />
     <resolver:Dependency ref="CONNECTOR_ID_3" />
     <resolver:Dependency ref="CONNECTOR_ID_4" />

     <!-- Encoders are declared after all dependencies -->
     <resolver:AttributeEncoder xsi:type="SAML2Base64" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                name="ATTRIBUTE_NAME_1" />

</resolver:AttributeDefinition>

Defining more than one attribute encoder allows a deployer to transform a single attribute into multiple <Attribute> elements with different names, name formats, or friendly names.
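
The Python sketch below is an added example, not Shibboleth's own code. It models the output described on this page (one Base64 <AttributeValue> per byte-array value, with the default NameFormat) and shows why a value the LDAP connector has already turned into a Base64 string belongs with a string encoder instead. The attribute name, friendly name and sample bytes are constructed, and silently dropping non-byte values is an assumption of the sketch.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
URI_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
ET.register_namespace("saml2", SAML_NS)


def encode_saml2_base64(values, name, name_format=URI_NAME_FORMAT,
                        friendly_name=None):
    """Model of the encoder's output for one resolved attribute."""
    attr = ET.Element(f"{{{SAML_NS}}}Attribute",
                      {"Name": name, "NameFormat": name_format})
    if friendly_name is not None:
        attr.set("FriendlyName", friendly_name)
    for value in values:
        # Only byte arrays are encoded; other types are never converted.
        # (Skipping them silently is this sketch's assumption.)
        if not isinstance(value, (bytes, bytearray)):
            continue
        av = ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue")
        av.text = base64.b64encode(bytes(value)).decode("ascii")
    return attr


def decode_values(attr):
    """Relying-party side: recover the raw bytes of every value."""
    return [base64.b64decode(av.text, validate=True)
            for av in attr.findall(f"{{{SAML_NS}}}AttributeValue")]


def demo():
    raw_id = bytes(range(16))                             # constructed binary value
    from_ldap = base64.b64encode(raw_id).decode("ascii")  # already a string
    # The byte array is encoded; the pre-encoded LDAP string is left alone.
    attr = encode_saml2_base64([raw_id, from_ldap],
                               name="urn:example:attribute:binaryId",
                               friendly_name="binaryId")
    return ET.tostring(attr, encoding="unicode")


if __name__ == "__main__":
    print(demo())
```
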
