Accessing and Releasing an Attribute from the IdP

Follow these steps to pull in and release an attribute from the IdP.

1. Pull in Raw Attributes

Shibboleth doesn't store any attributes about users itself; it relies on external data stores to supply user information to be released. These attributes are pulled from data sources using data connectors.

If none of these connectors meets your need, you may create a custom data connector.

2. Prepare Attributes

After defining a data connector, the IdP next needs to query the data source for attribute information. Once this attribute has been pulled in, it's transformed into a SAML attribute for transport to the SP. Along the way, they can be transformed, filtered, composed, split, and more. The rules that govern this process are the AttributeDefinitions.

If none of these definitions meet your need you may create a custom attribute definition.

3. Release Attributes

Once all of your attributes are defined you need to define a policy to release them to one or more service providers. Here's how to write a rule to release an attribute.

4. Testing Your Configuration

There are two tests available to ensure your attributes are being properly generated and released.