attribute

This command defines the list of SAML attributes for AAA postprocessing.

Syntax

Sets the source with a variable.
attribute var [name] [format] [variable] [value] [friendly_name]
Sets the source with an input message.
attribute xpath name [format] XPath [friendly_name]
Sets the source with a static value.
attribute static name [format] [information] [friendly_name]

Parameters

var
Indicates that the source is a variable.
xpath
Indicates that the source is an input message.
static
Indicates that the source is a static value.
name
Specifies the name of the SAML attribute.
format
Specifies the namespace URI for the SAML 1.x attribute or the NameFormat value for the SAML 2.0 attribute.
variable
Specifies the information to get the value for the SAML attribute.
XPath
Specifies the XPath to get the value for the SAML attribute when the source is an input message.
value
Specifies the value to match the name attribute of the specified variable.
information
Specifies the information to get the value for the SAML attribute.
friendly_name
Specifies a meaningful name for the SAML attribute.

Guidelines

The attribute command defines the list of SAML attributes for AAA postprocessing.

The following guidelines apply when the attribute data source is a variable:
  • When you specify an empty string for the name property, the content that is retrieved from the variable is used.
  • When you use the variable property, specify the variable name. You can input an empty string as the variable name to use the default variable var://context/ldap/auxiliary-attributes. That variable is maintained by LDAP authentication or authorization to query auxiliary LDAP attributes. In either case, the variable that is used here must contain a result element with a list of attribute elements. Each attribute element must contain a name attribute, which is used to match the value property.
  • When you use the value property, specify a value to match the name attribute of the attribute-value elements that are carried by that variable. When this value is empty, the value of each attribute-value element is treated as one SAML AttributeValue. If multiple attribute-values are carried by the variable, multiple SAML AttributeValue elements are in one SAML Attribute element.
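
The value-matching rule in the guidelines above, modeled in Python as an added example; it is not part of the product or its documentation. The `attribute-value` element name, the sample variable content, and the function names `select_values` and `build_saml_attribute` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
ET.register_namespace("saml", SAML_NS)

# Constructed sample of the variable content. The attribute-value element
# name is an assumption taken from the wording of the guidelines.
SAMPLE = """<result>
  <attribute-value name="mail">alice@example.com</attribute-value>
  <attribute-value name="memberOf">cn=admins,dc=example,dc=com</attribute-value>
  <attribute-value name="memberOf">cn=ops,dc=example,dc=com</attribute-value>
</result>"""


def select_values(variable_xml, value):
    """Return the text of each entry whose name attribute equals `value`.

    An empty `value` selects every entry, as the guidelines describe.
    """
    root = ET.fromstring(variable_xml)
    result = root if root.tag == "result" else root.find(".//result")
    if result is None:
        raise ValueError("variable content has no result element")
    picked = []
    for entry in result.findall("attribute-value"):
        if entry.get("name") is None:
            raise ValueError("entry without a name attribute")
        if value == "" or entry.get("name") == value:
            picked.append(entry.text or "")
    return picked


def build_saml_attribute(name, name_format, variable_xml, value, friendly_name=""):
    """Build one saml:Attribute holding one AttributeValue per selected entry."""
    attr = ET.Element(f"{{{SAML_NS}}}Attribute", {"Name": name})
    if name_format:
        attr.set("NameFormat", name_format)
    if friendly_name:
        attr.set("FriendlyName", friendly_name)
    for text in select_values(variable_xml, value):
        # Assigning .text lets the serializer escape markup in directory data.
        ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue").text = text
    return attr


if __name__ == "__main__":
    groups = build_saml_attribute("groups", BASIC, SAMPLE, "memberOf", "Groups")
    print(ET.tostring(groups, encoding="unicode"))
```

A value that matches no entry yields an Attribute element with no AttributeValue children in this model, which is worth checking for when a downstream authorization decision depends on the attribute being present.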

When the source is an XPath expression, the XML node that the XPath expression points to is the value for the SAML attribute.

When the source is a static value and you use the information property, specify the static string value.