Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Jump to:
| Table of Contents | ||||||||
|---|---|---|---|---|---|---|---|---|
|
Requested Attributes in Service Provider (SP) metadata are used by the Identity Provider (IdP) to make attribute release decisions. An IdP may also use it in conjunction with other user interface elements to construct the user attribute release consent form. We recommend an SP outlines required and optional attribute needs using the Requested Attributes metadata elements.
Configure Requested Attributes using Federation Manager
See saml-metadata-sp-sso-settings.
Requested Attributes in InCommon metadata
The SAML V2.0 Metadata specification (one of the SAML V2.0 family of specifications) supports zero or more <md:AttributeConsumingService> elements. Each <md:AttributeConsumingService> element contains one or more <md:RequestedAttribute> elements. These elements are used to communicate SP attribute requirements to IdPs.
InCommon metadata supports at most one <md:AttributeConsumingService> element. When you configure Requested Attributes using Federation Manager, one <md:RequestedAttribute> element is inserted into metadata for every attribute selected from the interface. Each <md:RequestedAttribute> element inserted into metadata is a SAML2-formatted attribute. SAML1-formatted <md:RequestedAttribute> elements in metadata are not supported.
An example follows:
| Code Block | ||
|---|---|---|
| ||
<!-- Requested Attributes for InCommon SPs -->
<md:AttributeConsumingService index="1"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<md:ServiceName xml:lang="en">...</md:ServiceName>
<md:ServiceDescription xml:lang="en">...</md:ServiceDescription>
<!-- SAML V2.0 attribute syntax -->
<md:RequestedAttribute isRequired="true"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
FriendlyName="eduPersonPrincipalName"/>
<md:RequestedAttribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="urn:oid:2.16.840.1.113730.3.1.241"
FriendlyName="displayName"/>
</md:AttributeConsumingService> |
The <md:ServiceName> and <md:ServiceDescription> child elements of the <md:AttributeConsumingService> element correspond to the <mdui:DisplayName> and <mdui:Description> child elements of the <mdui:UIInfo> element, respectively. See the saml-metadata-mdui-elements topic for more detail about the <mdui:UIInfo> element.
Working with SAML metadata
| Content by Label | ||||||||
|---|---|---|---|---|---|---|---|---|
|
Related content
| Content by Label | ||||||||
|---|---|---|---|---|---|---|---|---|
|
Get help
Can't find what you are looking for?
| Button Hyperlink | ||||||||
|---|---|---|---|---|---|---|---|---|
|