Shibboleth IDP4 - AttributeEncoder - friendlyName

prasanna cg prasannacgin at
Mon Aug 17 17:12:19 UTC 2020

Hello Experts,

In Shibboleth v4, I have the following attribute definition in my resolver xml. As you can see below, I am using the SAML2String attribute encoder plugin without the “friendlyName” definition. However, in the SAML response,  the IDP sends out the attribute statement containing the “friendlyName” and its value is the one defined for “name”


1) Is this the expected behavior of SAML2String encoder in v4 ? The reason I am asking is, this isn't the way the SAML2String plugin behaved in my IDPv3. 

2)  Is there a way to NOT send the “friendlyName” in the attribute statement ?

Am I missing something ?

Attribute Resolver :

<AttributeDefinition xsi:type="Simple" id="firstname">
    <InputDataConnector ref="ActiveDirectory" attributeNames="givenName" />
    <AttributeEncoder xsi:type="SAML2String" name="firstname" encodeType="false" />

SAML Statement :

 <saml2:Attribute FriendlyName="firstname"

Please help !

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list