The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

SAML2StringAttributeEncoder

SAML 2 String Attribute Encoder

The SAML 2 string attribute encoder creates SAML 2 <Attribute> elements from resolved attributes with <AttributeValue> elements for each value. The content of these <AttributeValue> elements is a string. This encoder is only used for SAML 2 messages and will be ignored when the IdP is answering other protocol messages.

This encoder will convert the values of the attribute it is attached into strings by means of the Object.toString() method.

Define the Encoder

Attribute encoders are defined in a <resolver:AttributeDefinition> after all <resolver:Dependency>.

To define a new SAML 2 string attribute encoder, create a <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"> with the following required attributes:

  • name - this becomes the Name attribute on the created SAML 2 <Attribute> element

and the following optional attributes:

  • nameFormat - this becomes the NameFormat attribute on the created SAML 2 <Attribute> element (default value: urn:oasis:names:tc:SAML:2.0:attrname-format:uri)
  • friendlyName - this becomes the FriendlyName attribute on the created SAML 2 <Attribute> element
SAML 2 String Attribute Encoder within a Simple Attribute Definition
<resolver:AttributeDefinition id="UNIQUE_ID" xsi:type="ad:Simple">

     <resolver:Dependency ref="DEFINITION_ID_1" />
     <resolver:Dependency ref="DEFINITION_ID_2" />
     <resolver:Dependency ref="CONNECTOR_ID_3" />
     <resolver:Dependency ref="CONNECTOR_ID_4" />

     <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                name="ATTRIBUTE_NAME_1" />

     <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                name="ATTRIBUTE_NAME_2"
                                nameFormat="ATTRIBUTE_NAME_FORMAT"
                                friendlyName="ATTRIBUTE_FRIENDLY_NAME" />

</resolver:AttributeDefinition>

Defining more than one attribute encoder allows a deployer to transform a single attribute into multiple <Attribute> elements with different names, name formats, or friendly names.