...

  • xsi:type (XML schema type / QName)
    • Plugin type name.
  • caseSensitive (boolean) (default is true)
    • Allows the decoder to attach the proper case sensitivity setting to the attribute created. Attributes must carry this setting to enable proper comparison logic by access control plugins.
  • internal (boolean) (default is false)
    • Allows the decoder to attach the proper internal-only setting to the attribute created. Attributes can carry this setting to hide themselves from CGI export.

...

  • scopeDelimiter (character) (default is @) (Version 2.3 and Above)
    • The character used to delimit the value from the scope in a flattened source string.

...

Attributes

  • formatter (string) (default is "$Name!!$NameQualifier!!$SPNameQualifier")
    • A formatting string that turns the XML content into a flat string. The string contains one or more substitution tags consisting of a dollar sign ($) followed by the name of an XML attribute or the string "Name" (representing the XML element content). Other characters are echoed through to the constructed string.
  • defaultQualifiers (bool) (default is false) (Version 2.2 and Above)
    • If true, the values of NameQualifier and SPNameQualifier will be defaulted, if not set by the source, based on the identity provider and service provider identities. Prior to version 2.2, this defaulting behavior was automatic and could not be disabled.

...

Attributes

  • formatter (string) (default is "$Name!!$NameQualifier!!$SPNameQualifier")
    • A formatting string that turns the XML content into a flat string. The string contains one or more substitution tags consisting of a dollar sign ($) followed by the name of an XML attribute or the string "Name" (representing the XML element content). Other characters are echoed through to the constructed string.

...

  • defaultQualifiers (bool) (default is false) (Version 2.2 and Above)
    • If true, the values of NameQualifier and SPNameQualifier will be defaulted, if not set by the source, based on the identity provider and service provider identities. Prior to version 2.2, this defaulting behavior was automatic and could not be disabled.
  • scopeDelimiter (character) (default is @) (Version 2.3 and Above)
    • The character used to delimit the value from the scope in a flattened source string.

...

Attributes

  • hash (boolean) (default is false)
    • If set to true, the resulting DER-encoded key values are hashed via SHA-1 before being base64-encoded. Note that this is a different hashing operation than the generic one supported with the hashAlg attribute, described above.
  • keyInfoHashAlg (string) (default is "SHA1") (Version 2.3 and Above)
    • Optional name of hashing algorithm to use if the hash option is enabled. The algorithm names to use here are dependent on the cryptographic library that supplies the hashing. In the case of OpenSSL, they're simple names like "SHA1" or "SHA256".

...

  • Mapping (optional)
    • Allows an XML attribute or element to be "mapped" into a shorter or qualified name in the resulting structured representation of the data. The purpose of this feature is to allow for namespace-qualified XML by allowing qualified names to be turned into local "tags" that don't require the two-part structure of a qualified name.
      • from (QName)
        • A required XML attribute identifying the qualified attribute or element name to map.
      • to (string)
        • A required XML attribute identifying the internal name to use when storing the mapped attribute or element.

...

Base64 AttributeDecoder (Version 2.4 and Above)

Indicated by xsi:type="Base64AttributeDecoder", processes SAML attribute values that are base64-encoded UTF-8 by decoding them back into UTF-8.

Note

This decoder has no way to determine whether the underlying data is in fact UTF-8, so it should be used with trusted IdPs only and with caution. If the data is binary, it will be exposed to applications as raw octets up to the first null character in the decoded data.
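
The caveat in the note can be checked before an attribute is routed through this decoder. The following Python check is an added example, not part of the Shibboleth documentation or code: it vets base64 attribute values (for instance, copied from a test assertion) and models what an application would see, on the assumption stated in the note that octets are exposed up to the first null character. The function name and sample values are constructed for illustration.

```python
import base64
import binascii


def vet_base64_attribute(value):
    """Classify one base64-encoded attribute value before treating it as text.

    Returns (status, seen_by_app). seen_by_app models the note's statement that
    binary data is exposed as raw octets up to the first null character.
    """
    try:
        # validate=True rejects characters outside the base64 alphabet.
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return ("not-base64", None)
    seen_by_app = raw.split(b"\x00", 1)[0]
    if b"\x00" in raw:
        # Everything after the first null is silently lost to the application.
        return ("embedded-null", seen_by_app)
    try:
        raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        # Octets reach the application, but they are not the UTF-8 it expects.
        return ("not-utf8", seen_by_app)
    return ("ok", seen_by_app)


def _b64(octets):
    return base64.b64encode(octets).decode("ascii")


# Constructed sample values, not taken from any real IdP.
SAMPLES = {
    "utf8-text": _b64("José García".encode("utf-8")),
    "latin1-text": _b64("José".encode("latin-1")),
    "binary-with-null": _b64(b"abc\x00def"),
    "malformed": "not base64!",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        status, seen = vet_base64_attribute(value)
        print(f"{label:18} {status:14} app sees: {seen!r}")
```

Any status other than "ok" means the application would receive something other than the UTF-8 string the decoder is meant to deliver.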