Add attribute name format property into SAML configurations #437

Open
wants to merge 2 commits into
base: master

@DilshanSenarath DilshanSenarath commented Jan 7, 2025

Purpose

In the current implementation, the attribute statement of the SAML assertion sends each attribute's NameFormat as the Basic type. However, according to the SAML specification, there are two different types of NameFormat as follows:

  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri - If the name format is URI, then the attribute name should be in the URI format. A sample attribute is given below.
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml:AttributeValue>[email protected]</saml:AttributeValue>
</saml:Attribute>
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic - If the attribute name format is basic, then the attribute name will be a string which belongs to the xs:Name type [1]. The attribute name should be a simple plain string.
<saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue>[email protected]</saml:AttributeValue>
</saml:Attribute>

This PR introduces support for configuring the NameFormat using one of the three values mentioned above through the UI, SOAP and REST APIs. The selected NameFormat will then be displayed for each attribute in the AttributeStatement of the SAML assertion. However, to maintain backward compatibility, urn:oasis:names:tc:SAML:2.0:attrname-format:basic will remain the default NameFormat, even when URI attribute names are used by default in IS.

Related Issue

Related PRs

[1] https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
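
A relying party can check that each attribute's Name has the shape its declared NameFormat implies, as the PR description above outlines. The following is an added example, not code from this PR or the project; the function names, the ASCII-only xs:Name pattern, the absolute-URI requirement and the sample statement are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:"
CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# ASCII approximation of xs:Name (assumption: the full XML Name production
# also admits non-ASCII letters, which this pattern rejects).
XS_NAME = re.compile(r"[A-Za-z_:][A-Za-z0-9._:\-]*\Z")

# Constructed sample: each Name paired with each NameFormat.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{NS}">
  <saml:Attribute Name="{CLAIM}" NameFormat="{FMT}uri"/>
  <saml:Attribute Name="email" NameFormat="{FMT}basic"/>
  <saml:Attribute Name="{CLAIM}" NameFormat="{FMT}basic"/>
  <saml:Attribute Name="email" NameFormat="{FMT}uri"/>
</saml:AttributeStatement>"""


def name_matches_format(name, name_format):
    """True if the attribute Name has the shape its NameFormat declares."""
    if name_format == FMT + "uri":
        # Assumption: require an absolute URI (scheme present); the spec's
        # "URI reference" wording would also admit relative references.
        parsed = urlparse(name)
        return bool(parsed.scheme and (parsed.netloc or parsed.path))
    if name_format == FMT + "basic":
        return XS_NAME.match(name) is not None
    return True  # unspecified or custom formats: nothing to check here


def check_statement(xml_text):
    """Return (Name, format suffix, ok) for every saml:Attribute found."""
    results = []
    for attr in ET.fromstring(xml_text).iter(f"{{{NS}}}Attribute"):
        name = attr.get("Name", "")
        # An omitted NameFormat means "unspecified" in SAML core.
        fmt = attr.get("NameFormat", FMT + "unspecified")
        ok = name_matches_format(name, fmt)
        results.append((name, fmt.rsplit(":", 1)[-1], ok))
    return results


if __name__ == "__main__":
    for name, fmt, ok in check_statement(SAMPLE):
        print(f"{'ok      ' if ok else 'MISMATCH'} {fmt:<6} {name}")
```

The third sample attribute (a URI claim name sent with the basic NameFormat) is reported as a mismatch because `/` is not permitted in an xs:Name.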
