Page tree
Skip to end of metadata
Go to start of metadata

Overview

The <AttributeResolver> element configures components that can be enabled to obtain additional attributes about the logged-in user following a SSO event, as well as transforming or creating new attributes internally.

During SSO, the IdP can (and generally does) supply attributes in a "push" fashion inside the SAML assertions it issues. These attributes are decoded with an AttributeExtractor and cached with the user's session. The purpose of a resolver plugin is to "pull" attributes from additional sources or to transform existing attributes in some way.

Like most plugins, the type attribute determines which type of plugin to use. Each type supports its own attributes and child elements.

Types

typeDescription
QueryIssues a SAML AttributeQuery to the originating IdP to obtain attributes when they are omitted from the original assertion
SimpleAggregation

Issues one or more SAML Attribute Queries to third-party Attribute Authorities independent of the originating IdP using identifier(s) obtained during SSO

TransformApplies one or more regular expressions to an input attribute, either replacing its values, or generating new attribute(s)
TemplatePlugs values from one or more existing attributes into a template string that can combine the original attributes into a new attribute
UpperCaseConverts the values of an attribute into upper case, either replacing its values, or generating a new attribute
LowerCaseConverts the values of an attribute into lower case, either replacing its values, or generating a new attribute

Reference

Common Attributes

All <AttributeResolver> plugins support the following attributes:

NameTypeReq?Description

type

stringY

Specifies the type of AttributeResolver plugin to use

  • No labels