Objective
Handler that deals with attributes for SAML2. On the SP side, it converts the Attributes returned by the IDP and stores them in the user's HttpSession. On the IDP side, it converts the given HttpSession attributes into SAML Response Attributes. SP-side code can retrieve the Attributes from a Map stored under the session key GeneralConstants.SESSION_ATTRIBUTE_MAP.
Fully Qualified Name
org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler
Configuration
The handler should be configured in WEB-INF/picketlink-handlers.xml.
Example:
WEB-INF/picketlink-handlers.xml
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:1.0">
  <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler"/>
  <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
  <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
  <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler"/>
</Handlers>
Configuration Parameters
| # | Name | Type | Objective | Default Value | SP/IDP | Since Version |
|---|------|------|-----------|---------------|--------|---------------|
| 1 | ATTRIBUTE_MANAGER | string | fqn of attribute manager class | org.picketlink.identity.federation.core.impl.EmptyAttributeManager | IDP | 2.0 |
| 2 | ATTRIBUTE_KEYS | String | a comma separated list of string values representing attributes to be sent | | IDP | 2.0 |
| 3 | ATTRIBUTE_CHOOSE_FRIENDLY_NAME | boolean | set to true if you require attributes to be keyed by friendly name rather than default name. | | SP | 2.0 |
Example:
WEB-INF/picketlink-handlers.xml
<Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler">
  <Option Key="ATTRIBUTE_CHOOSE_FRIENDLY_NAME" Value="true"/>
</Handler>
Example:
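// SP side: read the attribute map that the handler stored in the HttpSession
Map<String, List<Object>> sessionMap = (Map<String, List<Object>>) session.getAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP);
assertNotNull(sessionMap);
// Each key maps to the list of values received for that attribute
List<Object> values = sessionMap.get("testKey");
assertEquals("hello", values.get(0));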
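The unchecked cast above fails if the session holds no attribute map or the values are not the expected type. The following added example (not PicketLink's own code) shows one way SP-side code can copy the map defensively before using attributes in application logic; the class name SamlSessionAttributes, the method read and the allow-list parameter are hypothetical, and the sample map is constructed.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class SamlSessionAttributes {

    /**
     * Copies the handler's session map into an unmodifiable Map of String lists.
     * raw is the result of session.getAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP).
     * Only keys named in expected are kept; null and non-String values are skipped.
     * Keys are friendly names when ATTRIBUTE_CHOOSE_FRIENDLY_NAME is true on the SP.
     */
    public static Map<String, List<String>> read(Object raw, Set<String> expected) {
        if (!(raw instanceof Map)) {
            return Collections.emptyMap(); // no SAML attributes stored for this session
        }
        Map<String, List<String>> out = new LinkedHashMap<>();
        for (Map.Entry<?, ?> e : ((Map<?, ?>) raw).entrySet()) {
            if (!(e.getKey() instanceof String) || !expected.contains(e.getKey())
                    || !(e.getValue() instanceof List)) {
                continue; // ignore attributes the application did not ask for
            }
            List<String> values = new ArrayList<>();
            for (Object v : (List<?>) e.getValue()) {
                if (v instanceof String) {
                    values.add((String) v);
                }
            }
            out.put((String) e.getKey(), Collections.unmodifiableList(values));
        }
        return Collections.unmodifiableMap(out);
    }

    public static void main(String[] args) {
        // Constructed sample shaped like the map the handler stores on the SP side.
        Map<String, List<Object>> sessionMap = new LinkedHashMap<>();
        sessionMap.put("testKey", new ArrayList<Object>(List.of("hello")));
        sessionMap.put("unexpected", new ArrayList<Object>(List.of(42)));

        System.out.println(read(sessionMap, Set.of("testKey")));
        System.out.println(read(null, Set.of("testKey")));
    }
}
```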