<AttributeFilter> element configures the component used to "filter" incoming attributes to prevent applications protected by an SP from seeing data that violates whatever policies the filter implements. A few example use cases include:
While there are no specifically "mandated" points at which filters run, the SP generally invokes filtering immediately prior to the caching of a set of attributes into a user's session. Actually performing the filtering process is typically up to an AssertionConsumerService handler (in the case of attributes delivered during SSO) or an AttributeResolver.
|XML||The only type included with the software, implements an XML-based rule syntax for filtering rules that is a derivation of the original filtering syntax from the Shibboleth IdP software|
<AttributeFilter> plugins support the following attributes:
Specifies the type of AttributeFilter plugin to use