SAML 2 XMLObject Attribute Encoder

The SAML 2 XMLObject attribute encoder creates SAML 2 <Attribute> elements from resolved attributes with an <AttributeValue> element for each value. The content of the <AttributeValue> element is XML. This encoder is only used for SAML 2 messages and will be ignored when the IdP is answering other protocol messages.

This encoder only operates on attributes whose values are XMLObjects.

Define the Encoder

Attribute encoders are defined in a <resolver:AttributeDefinition> after all <resolver:Dependency>.

To define a new SAML 1 XMLObject attribute encoder, create a <resolver:AttributeEncoder xsi:type="SAML2XMLObject" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"> with the following required attribute:

name - this becomes the Name attribute on the created SAML 2 <Attribute> element

and the following optional attributes:

nameFormat - this becomes the NameFormat attribute on the created SAML 2 <Attribute> element (default value: urn:oasis:names:tc:SAML:2.0:attrname-format:uri)
friendlyName - this becomes the FriendlyName attribute on the created SAML 2 <Attribute> element

SAML 2 XMLObject Attribute Encoder within a Simple Attribute Definition

<resolver:AttributeDefinition id="UNIQUE_ID" xsi:type="ad:Simple">

     <resolver:Dependency ref="DEFINITION_ID_1" />
     <resolver:Dependency ref="CONNECTOR_ID_2" />

     <resolver:AttributeEncoder xsi:type="SAML2XMLObject" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                name="ATTRIBUTE_NAME_1" />

</resolver:AttributeDefinition>

Defining more than one attribute encoder allows a deployer to transform a single attribute into multiple <Attribute> with different names and/or namespaces.

Shibboleth 2

SAML2XMLObjectAttributeEncoder

SAML 2 XMLObject Attribute Encoder

Define the Encoder