Extract IssueInstant in Shib SP

Fri Jan 22 01:08:04 UTC 2021

Hi,

Could someone help me to extract "IssueInstant" from the SAML response in
Shib SP.
In the AssertionAttributeExtractor I don't see any option to extract
"IssueInstant".

https://wiki.shibboleth.net/confluence/display/SP3/AssertionAttributeExtractor

Could someone guide me, how can I configure my attribute extractor for
"IssueInstant".

Here is the example SAML response.

<samlp:Response ID="_a4958bfd-e107-4e67-b06d-0d85ade2e76a" Version="2.0"
*IssueInstant="2013-03-18T07:38:15.144Z"* Destination="
https://contoso.com/identity/inboundsso.aspx"
InResponseTo="id758d0ef385634593a77bdf7e632984b6"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
https://login.microsoftonline.com/82869000-6ad1-48f0-8171-272ed18796e9/
</Issuer>
  <ds:Signature xmlns:ds="https://www.w3.org/2000/09/xmldsig#">
    ...
  </ds:Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
  </samlp:Status>
  <Assertion ID="_bf9c623d-cc20-407a-9a59-c2d0aee84d12"
*IssueInstant="2013-03-18T07:38:15.144Z"* Version="2.0"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <Issuer>
https://login.microsoftonline.com/82869000-6ad1-48f0-8171-272ed18796e9/
</Issuer>
    <ds:Signature xmlns:ds="https://www.w3.org/2000/09/xmldsig#">
      ...
    </ds:Signature>
    <Subject>
      <NameID>Uz2Pqz1X7pxe4XLWxV9KJQ+n59d573SepSAkuYKSde8=</NameID>
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <SubjectConfirmationData
InResponseTo="id758d0ef385634593a77bdf7e632984b6"
NotOnOrAfter="2013-03-18T07:43:15.144Z" Recipient="
https://contoso.com/identity/inboundsso.aspx" />
      </SubjectConfirmation>
    </Subject>
    <Conditions NotBefore="2013-03-18T07:38:15.128Z"
NotOnOrAfter="2013-03-18T08:48:15.128Z">
      <AudienceRestriction>
        <Audience>https://www.contoso.com</Audience>
      </AudienceRestriction>
    </Conditions>
    <AttributeStatement>
      <Attribute Name="
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <AttributeValue>testuser at contoso.com</AttributeValue>
      </Attribute>
      <Attribute Name="
http://schemas.microsoft.com/identity/claims/objectidentifier">

<AttributeValue>3F2504E0-4F89-11D3-9A0C-0305E82C3301</AttributeValue>
      </Attribute>
      ...
    </AttributeStatement>
    <AuthnStatement AuthnInstant="2013-03-18T07:33:56.000Z"
SessionIndex="_bf9c623d-cc20-407a-9a59-c2d0aee84d12">
      <AuthnContext>
        <AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
  </Assertion>
</samlp:Response>

Thank you,
Prasanth
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210122/13cc5c98/attachment.htm>