Attribute Mapping Examples

The examples in this section provide insight into more complex attribute mapping scenarios.

Working with defaults

    <?xml version="1.0" encoding="UTF-8"?>
    <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                     xmlns:xs="http://www.w3.org/2001/XMLSchema"
                     ID="_7fcd6173-e6e0-45a4-a2fd-74a4ef85bf30"
                     IssueInstant="2017-11-15T16:19:06.310Z"
                     Version="2.0">
      <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://test.rackspace.com</saml2:Issuer>
      <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
      </saml2p:Status>
      <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                       ID="_406fb7fe-a519-4919-a42c-f67794a670a5"
                       IssueInstant="2017-11-15T16:19:06.310Z"
                       Version="2.0">
        <saml2:Issuer>http://my.rackspace.com</saml2:Issuer>
        <saml2:Subject>
          <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">john.doe</saml2:NameID>
          <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml2:SubjectConfirmationData NotOnOrAfter="2017-11-17T16:19:06.298Z"/>
          </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:AuthnStatement AuthnInstant="2017-11-15T16:19:04.055Z">
          <saml2:AuthnContext>
            <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
            </saml2:AuthnContextClassRef>
          </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
          <saml2:Attribute Name="roles">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">nova:admin</saml2:AttributeValue>
          </saml2:Attribute>
          <saml2:Attribute Name="domain">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">323676</saml2:AttributeValue>
          </saml2:Attribute>
          <saml2:Attribute Name="email">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">[email protected]</saml2:AttributeValue>
          </saml2:Attribute>
          <saml2:Attribute Name="bar">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">BAR!</saml2:AttributeValue>
          </saml2:Attribute>
          <saml2:Attribute Name="FirstName">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">John</saml2:AttributeValue>
          </saml2:Attribute>
          <saml2:Attribute Name="LastName">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Doe</saml2:AttributeValue>
          </saml2:Attribute>
        </saml2:AttributeStatement>
      </saml2:Assertion>
    </saml2p:Response>

Default mapping:

    mapping:
      version: RAX-1
      rules:
        - local:
            user:
              domain: "{D}"
              name: "{D}"
              email: "{D}"
              roles: "{D}"
              expire: "{D}"

Resulting attributes:

    domain    323676
    name      john.doe
    email     [email protected]
    roles     nova:admin
    expire    2017-11-17T16:19:06.298Z

Accessing default from a different field:

    mapping:
      version: RAX-1
      rules:
        - local:
            user:
              domain: "{D}"
              name: "{D}"
              email: "{D(name)}@rackspace.com"
              roles: "{D}"
              expire: "{D}"

Resulting attributes:

    domain    323676
    name      john.doe
    email     [email protected]
    roles     nova:admin
    expire    2017-11-17T16:19:06.298Z

More complex example with multiple substitutions

    mapping:
      version: RAX-1
      rules:
        - local:
            user:
              domain: "{D}"
              name: "{D}"
              email: "{D(name)} <{D(name)}@{D(domain)}.rackspace.com>"
              roles: "{D}"
              expire: "{D}"

Resulting Attributes:

    domain    323676
    name      john.doe
    email     john.doe <[email protected]>
    roles     nova:admin
    expire    2017-11-17T16:19:06.298Z

Mixing in non-default attributes

    mapping:
      version: RAX-1
      rules:
        - local:
            user:
              domain: "{D}"
              name: "{D}"
              email: "{At(FirstName)} {At(LastName)} <{D(name)}@{D(domain)}.rackspace.com>"
              roles: "{D}"
              expire: "{D}"

Resulting Attributes:

    domain    323676
    name      john.doe
    email     John Doe <[email protected]>
    roles     nova:admin
    expire    2017-11-17T16:19:06.298Z
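
The `{D}`, `{D(field)}` and `{At(Name)}` substitutions used in the mappings above, modelled as an added Python example (it is not Rackspace's implementation and not part of the original page). It assumes, from the sample results, that the defaults come from NameID (name), SubjectConfirmationData NotOnOrAfter (expire) and the same-named attributes (domain, email, roles), and that a multi-valued attribute contributes its first value; the trimmed assertion, its email value, and the names `load`, `resolve` and `TOKEN` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, trimmed assertion modelled on the page's sample (email value is made up).
# Real IdP responses need signature validation and a hardened XML parser first.
ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Subject>
    <saml2:NameID>john.doe</saml2:NameID>
    <saml2:SubjectConfirmation>
      <saml2:SubjectConfirmationData NotOnOrAfter="2017-11-17T16:19:06.298Z"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="roles"><saml2:AttributeValue>nova:admin</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="domain"><saml2:AttributeValue>323676</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="email"><saml2:AttributeValue>jdoe@example.com</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="FirstName"><saml2:AttributeValue>John</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="LastName"><saml2:AttributeValue>Doe</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

def load(xml_text):
    """Return (attrs, defaults): raw assertion attributes and per-field defaults."""
    root = ET.fromstring(xml_text)
    attrs = {a.get("Name"): [v.text for v in a.findall("a:AttributeValue", NS)]
             for a in root.iterfind(".//a:Attribute", NS)}
    # Assumed default sources, inferred from the page's sample results.
    defaults = {k: attrs[k][0] for k in ("domain", "email", "roles") if k in attrs}
    defaults["name"] = root.findtext(".//a:NameID", namespaces=NS)
    defaults["expire"] = root.find(".//a:SubjectConfirmationData", NS).get("NotOnOrAfter")
    return attrs, defaults

# Matches {D}, {D(field)} and {At(Name)}.
TOKEN = re.compile(r"\{(D|At)(?:\(([^)]+)\))?\}")

def resolve(rules, xml_text):
    """Expand every template in rules (field -> template) against one assertion."""
    attrs, defaults = load(xml_text)
    out = {}
    for field, template in rules.items():
        def sub(m, field=field):
            kind, arg = m.groups()
            if kind == "D":                  # {D} = this field's default, {D(x)} = field x's
                return defaults[arg or field]
            return attrs[arg][0]             # {At(x)} = attribute x from the assertion
        out[field] = TOKEN.sub(sub, template)
    return out
```

A token that names a field or attribute missing from the assertion raises `KeyError`, so a mapping fails instead of producing a partially filled value.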