The Incommon Federation wiki has moved.

Please visit the new InCommon Federation Library wiki for updated content. Remember to update your bookmarks.

Click in the link above if you are not automatically redirected in 15 seconds.

An entity attribute is a SAML attribute associated with a SAML entity (an identity provider or a service provider) in metadata. For example, an entity ID is a distinguished entity attribute associated with every SAML entity in metadata.

Like user attributes, entity attributes serve to label, categorize, and distinguish a particular entity in metadata. Some entity attributes are self-asserted while others are asserted by 3rd parties on behalf of the entity. For instance, a federation operator uses entity attributes to "tag" entities in metadata.


Here is an example of an entity attribute you might find in InCommon metadata:

<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">

In this case, the name of the attribute is and its value is Like all SAML attributes, an entity attribute may be single-valued or multi-valued. (As it turns out, the above entity attribute is multi-valued.)


Entity attributes are extremely useful. Operationally, entity attributes are used in policy configurations in lieu of entity IDs. The advantages of doing so are overwhelmingly positive.

Entity attributes are also used to refine the discovery interface. For example, an SP can use a particular entity attribute to filter the list of IdPs presented to the user.

See Entity Categories for more information about InCommon-supported entity attributes that can be used for these purposes.

#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))
  • No labels