1 <ar:AttributeResolver xmlns:ar="urn:mace:shibboleth:2.0:resolver:simple"
2 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4 xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver:simple @-PKGXMLDIR-@/shibboleth-2.0-simple-resolver.xsd"
8 Built-in decoders that can extract SAML Attribute data.
9 Custom decoders can be configured here as well.
11 <ar:AttributeDecoder id="Simple" type="Simple"/>
12 <ar:AttributeDecoder id="Scoped" type="Scoped"/>
13 <ar:AttributeDecoder id="NameID" type="NameID" formatter="$Name!!$NameQualifier!!$SPNameQualifier"/>
16 The simple resolver just enumerates SAML Attribute elements, each one
17 referencing a specific Attribute by its name on the wire, and its local
18 "friendly" ID. All Attributes that should be visible to an application
19 should be listed, or they will be ignored by the resolver.
22 <!-- First some useful eduPerson attributes that many sites might use. -->
24 <saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonPrincipalName" FriendlyName="REMOTE_USER" ar:decoderId="Scoped"/>
25 <saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" FriendlyName="affiliation" ar:decoderId="Scoped"/>
26 <saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonAffiliation" FriendlyName="unscoped-affiliation" ar:decoderId="Simple"/>
27 <saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonEntitlement" FriendlyName="entitlement" ar:decoderId="Simple"/>
29 <!-- A persistent id attribute that supports personalized anonymous access. -->
31 <!-- First, the deprecated version: -->
32 <saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonTargetedID" FriendlyName="REMOTE_USER" ar:decoderId="Scoped"/>
34 <!-- Second, the new version (note the OID-style name): -->
35 <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" FriendlyName="REMOTE_USER" ar:decoderId="NameID"/>
37 <!-- Third, the SAML 2.0 NameID Format: -->
38 <saml:Attribute Name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" FriendlyName="REMOTE_USER" ar:decoderId="NameID"/>
40 <!-- Some more eduPerson attributes, uncomment these to use them... -->
42 <saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonNickname" FriendlyName="nickname" ar:decoderId="Simple"/>
43 <saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" FriendlyName="primary-affiliation" ar:decoderId="Simple"/>
44 <saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" FriendlyName="primary-orgunit-dn" ar:decoderId="Simple"/>
45 <saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" FriendlyName="orgunit-dn" ar:decoderId="Simple"/>
46 <saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonOrgDN" FriendlyName="org-dn" ar:decoderId="Simple"/>
49 <!--Examples of LDAP-based attributes, uncomment to use these... -->
51 <saml:Attribute Name="urn:mace:dir:attribute-def:cn" FriendlyName="cn" ar:decoderId="Simple"/>
52 <saml:Attribute Name="urn:mace:dir:attribute-def:sn" FriendlyName="sn" ar:decoderId="Simple"/>
53 <saml:Attribute Name="urn:mace:dir:attribute-def:givenName" FriendlyName="givenName" ar:decoderId="Simple"/>
54 <saml:Attribute Name="urn:mace:dir:attribute-def:mail" FriendlyName="mail" ar:decoderId="Simple"/>
55 <saml:Attribute Name="urn:mace:dir:attribute-def:telephoneNumber" FriendlyName="telephoneNumber" ar:decoderId="Simple"/>
56 <saml:Attribute Name="urn:mace:dir:attribute-def:title" FriendlyName="title" ar:decoderId="Simple"/>
57 <saml:Attribute Name="urn:mace:dir:attribute-def:initials" FriendlyName="initials" ar:decoderId="Simple"/>
58 <saml:Attribute Name="urn:mace:dir:attribute-def:description" FriendlyName="description" ar:decoderId="Simple"/>
59 <saml:Attribute Name="urn:mace:dir:attribute-def:carLicense" FriendlyName="carLicense" ar:decoderId="Simple"/>
60 <saml:Attribute Name="urn:mace:dir:attribute-def:departmentNumber" FriendlyName="departmentNumber" ar:decoderId="Simple"/>
61 <saml:Attribute Name="urn:mace:dir:attribute-def:displayName" FriendlyName="displayName" ar:decoderId="Simple"/>
62 <saml:Attribute Name="urn:mace:dir:attribute-def:employeeNumber" FriendlyName="employeeNumber" ar:decoderId="Simple"/>
63 <saml:Attribute Name="urn:mace:dir:attribute-def:employeeType" FriendlyName="employeeType" ar:decoderId="Simple"/>
64 <saml:Attribute Name="urn:mace:dir:attribute-def:preferredLanguage" FriendlyName="preferredLanguage" ar:decoderId="Simple"/>
65 <saml:Attribute Name="urn:mace:dir:attribute-def:manager" FriendlyName="manager" ar:decoderId="Simple"/>
66 <saml:Attribute Name="urn:mace:dir:attribute-def:seeAlso" FriendlyName="seeAlso" ar:decoderId="Simple"/>
67 <saml:Attribute Name="urn:mace:dir:attribute-def:facsimileTelephoneNumber" FriendlyName="facsimileTelephoneNumber" ar:decoderId="Simple"/>
68 <saml:Attribute Name="urn:mace:dir:attribute-def:street" FriendlyName="street" ar:decoderId="Simple"/>
69 <saml:Attribute Name="urn:mace:dir:attribute-def:postOfficeBox" FriendlyName="postOfficeBox" ar:decoderId="Simple"/>
70 <saml:Attribute Name="urn:mace:dir:attribute-def:postalCode" FriendlyName="postalCode" ar:decoderId="Simple"/>
71 <saml:Attribute Name="urn:mace:dir:attribute-def:st" FriendlyName="st" ar:decoderId="Simple"/>
72 <saml:Attribute Name="urn:mace:dir:attribute-def:l" FriendlyName="l" ar:decoderId="Simple"/>
73 <saml:Attribute Name="urn:mace:dir:attribute-def:ou" FriendlyName="ou" ar:decoderId="Simple"/>
74 <saml:Attribute Name="urn:mace:dir:attribute-def:businessCategory" FriendlyName="businessCategory" ar:decoderId="Simple"/>
75 <saml:Attribute Name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName" FriendlyName="physicalDeliveryOfficeName" ar:decoderId="Simple"/>
78 </ar::AttributeResolver>
projects / shibboleth / sp.git / blob