Overview

The <AttributeExtractor> element configures the component used by the SP to turn SAML content into "attributes", the internal/neutral representation of information stored within user sessions. With the exception of a few built-in data elements associated with each session, most of the data an application is able to access about a session is made up of the internal attributes that are produced by using one or more attribute extractors.

The SP generally invokes the extraction step following the acceptance of assertions during SSO and as a result of secondary attribute resolution from SAML-based sources such as an Attribute Authority. Extraction is generally followed by a filtering step that can apply rules over what attributes or values to accept.

In general, extractors can be handed many different XML element types and are free to process them or ignore them as their implementation or configuration dictates.

As with most plugins, the type attribute determines which type of plugin is used. Each type supports its own attributes and child elements.

Types

| type | Description |
| --- | --- |
| XML | The main type used by most deployments, implements an XML-based rule syntax for decoding SAML attributes and name identifiers into internal attributes |
| KeyDescriptor | Exposes the signing/TLS or encryption keys advertised in an IdP's metadata as attributes |
| Delegation | Exposes content from within a SAML DelegationRestriction condition as attributes |
| Assertion | Exposes specific "built-in" content from within a SAML assertion as attributes |
| Metadata | Exposes specific "built-in" content from within SAML metadata as attributes |
| GSSAPI | Implements an XML-based rule syntax for decoding GSS-API naming extensions into internal attributes |

Reference

Common Attributes

All <AttributeExtractor> plugins support the following attributes:

| Name | Type | Req? | Description |
| --- | --- | --- | --- |
| type | string | Y | Specifies the type of AttributeExtractor plugin to use |
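A configuration check built from the Types and Common Attributes sections above, as an added example that is not part of the original page or of Shibboleth's own tooling: it finds every <AttributeExtractor> in an SP configuration, confirms the required type attribute is present, and flags types that this page does not list. The function names, the sample configuration, and its namespace, entityID and path values are constructed assumptions, and the sample is deliberately flawed rather than a deployable configuration.

```python
import xml.etree.ElementTree as ET

# Plugin types listed in the Types table on this page.
DOCUMENTED_TYPES = {"XML", "KeyDescriptor", "Delegation",
                    "Assertion", "Metadata", "GSSAPI"}

# Constructed sample input (assumption): one good extractor, one misspelled
# type, and one element missing the required 'type' attribute.
SAMPLE_CONFIG = """\
<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <AttributeExtractor type="XML" path="attribute-map.xml"/>
    <AttributeExtractor type="Metdata"/>
    <AttributeExtractor path="extra-map.xml"/>
  </ApplicationDefaults>
</SPConfig>
"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree adds to qualified tags."""
    return tag.rsplit("}", 1)[-1]


def audit_extractors(config_xml):
    """Return (types_seen, findings) for each <AttributeExtractor> element."""
    root = ET.fromstring(config_xml)
    types_seen, findings = [], []
    for elem in root.iter():
        if local_name(elem.tag) != "AttributeExtractor":
            continue
        plugin_type = elem.get("type")
        types_seen.append(plugin_type)
        position = len(types_seen)
        if plugin_type is None:
            findings.append(f"extractor #{position}: missing required 'type'")
        elif plugin_type not in DOCUMENTED_TYPES:
            findings.append(
                f"extractor #{position}: type '{plugin_type}' is not listed on this page")
    if not types_seen:
        findings.append("no <AttributeExtractor> element found")
    return types_seen, findings


if __name__ == "__main__":
    for finding in audit_extractors(SAMPLE_CONFIG)[1]:
        print(finding)
```

A type flagged as "not listed" may be a typo or a plugin type documented elsewhere, so treat it as a prompt to check rather than as an error.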
