User-defined SAML Assertion Attributes

Introduction

This page describes how to customize PicketLink to populate user-defined attributes into the assertion.

Create and Configure an Attribute Manager

Attributes are managed by an Attribute Manager. This component is represented by the interface org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2AttributeManager.

The Attribute Manager is used by the IdP to load custom attributes and populate them into a SAML Assertion, so you can send any attribute you want to relying parties. To provide your own attributes, write a class that implements SAML2AttributeManager and implement its methods as follows:

import java.security.Principal;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Import paths as in PicketLink 2.5.x; adjust the package names for other versions.
import org.picketlink.common.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2AttributeManager;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;

public class MySAML2AttributeManager implements SAML2AttributeManager {

    // Called by the IdP for every assertion it issues; each AttributeStatementType
    // returned here becomes an <AttributeStatement> in the assertion.
    @Override
    public Set<AttributeStatementType> getAttributes(AuthnRequestType authnRequestType, Principal userPrincipal) {
        Set<AttributeStatementType> attributeStatementTypes = new HashSet<AttributeStatementType>();
        AttributeStatementType attrStatement = new AttributeStatementType();
        AttributeType attr = new AttributeType("Attribute1");

        // NameFormat tells the relying party how to interpret the attribute name.
        attr.setNameFormat(JBossSAMLURIConstants.NAMEID_FORMAT_UNSPECIFIED.get());
        attr.addAttributeValue("AttributeValue1");

        // An AttributeStatement holds a choice of Attribute or EncryptedAttribute;
        // ASTChoiceType wraps a plain Attribute.
        attrStatement.addAttribute(new AttributeStatementType.ASTChoiceType(attr));

        attributeStatementTypes.add(attrStatement);

        return attributeStatementTypes;
    }

    // Deprecated legacy method inherited from AttributeManager; returning null is acceptable.
    @Override
    public Map<String, Object> getAttributes(Principal userPrincipal, List<String> attributeKeys) {
        return null;
    }
}

The method getAttributes(Principal, List<String>) is deprecated, and returning null from it is acceptable. It is retained only for backward compatibility with code that uses the AttributeManager interface directly, which is the base interface of SAML2AttributeManager.
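The manager above issues a fixed attribute to every user. The following is an added example, not code from the PicketLink project or from the original page, of a manager that derives the attributes from the authenticated Principal: it looks the user up in a constructed in-memory store (a stand-in for the IdP's directory or database), releases only attribute names on an explicit allow list, and returns no statement at all when the subject is missing or unknown. Note that the AuthnRequestType parameter is deliberately not used as a source of attribute values: the relying party trusts whatever the IdP asserts, so those values must come from the IdP's own authoritative data, never from the request. The class name, the store, the allow list and the sample user are all assumptions for this example; the import paths and the ATTRIBUTE_FORMAT_BASIC constant follow PicketLink 2.5.x and are not mentioned on the page.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Import paths assumed from PicketLink 2.5.x; adjust for other versions.
import org.picketlink.common.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2AttributeManager;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;

/**
 * Example (hypothetical) attribute manager that populates the assertion from an
 * in-memory user store keyed by principal name. The store below is constructed
 * sample data standing in for the IdP's directory or database.
 */
public class StoreBackedAttributeManager implements SAML2AttributeManager {

    // Constructed sample data: principal name -> (attribute name -> values).
    private static final Map<String, Map<String, List<String>>> USER_STORE =
            new HashMap<String, Map<String, List<String>>>();
    static {
        Map<String, List<String>> alice = new HashMap<String, List<String>>();
        alice.put("email", Collections.singletonList("alice@example.test"));
        alice.put("Role", Arrays.asList("manager", "approver"));
        alice.put("internalNote", Collections.singletonList("not for release"));
        USER_STORE.put("alice", alice);
    }

    // Only these attribute names are ever placed in an assertion, whatever the store holds.
    private static final Set<String> RELEASABLE =
            new HashSet<String>(Arrays.asList("email", "Role"));

    @Override
    public Set<AttributeStatementType> getAttributes(AuthnRequestType authnRequest, Principal userPrincipal) {
        Set<AttributeStatementType> statements = new HashSet<AttributeStatementType>();

        // No authenticated subject: issue no attributes rather than guessing.
        if (userPrincipal == null || userPrincipal.getName() == null) {
            return statements;
        }

        // Subject unknown to the store: likewise issue nothing.
        Map<String, List<String>> userAttrs = USER_STORE.get(userPrincipal.getName());
        if (userAttrs == null || userAttrs.isEmpty()) {
            return statements;
        }

        AttributeStatementType statement = new AttributeStatementType();
        for (Map.Entry<String, List<String>> entry : userAttrs.entrySet()) {
            if (!RELEASABLE.contains(entry.getKey())) {
                continue; // present in the store but not on the release list
            }
            AttributeType attr = new AttributeType(entry.getKey());
            // "basic" name format: the attribute name is a plain string, not a URI.
            attr.setNameFormat(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_BASIC.get());
            for (String value : entry.getValue()) {
                attr.addAttributeValue(value); // one <AttributeValue> element per value
            }
            statement.addAttribute(new AttributeStatementType.ASTChoiceType(attr));
        }

        // Only emit an <AttributeStatement> when it actually carries attributes.
        if (!statement.getAttributes().isEmpty()) {
            statements.add(statement);
        }
        return statements;
    }

    // Deprecated legacy method from the AttributeManager base interface; null is acceptable.
    @Override
    public Map<String, Object> getAttributes(Principal userPrincipal, List<String> attributeKeys) {
        return null;
    }
}
```

With this manager configured, an assertion for the sample user "alice" carries two attributes, email and Role (the latter with two AttributeValue elements), while "internalNote" stays inside the IdP; a principal with no entry in the store gets an assertion with no AttributeStatement at all.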

To configure the IdP to use your custom attribute manager, set the AttributeManager attribute of the PicketLinkIDP element to the fully qualified class name (FQN) of the class, as follows:

<PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:1.0"
    AttributeManager="org.picketlink.test.identity.federation.bindings.authenticators.idp.MySAML2AttributeManager">

    ...

</PicketLinkIDP>
JBoss.org Content Archive (Read Only), exported from JBoss Community Documentation Editor at 2020-03-11 12:18:11 UTC, last content change 2014-11-07 12:17:02 UTC.