Requested Attributes in Metadata
Technical Details
Standard SAML metadata supports zero or more <md:AttributeConsumingService> elements each containing one or more <md:RequestedAttribute> elements in SP metadata. These static elements are used to communicate SP attribute requirements to IdPs.
InCommon metadata supports at most one <md:AttributeConsumingService> element. An example follows:
| Code Block | ||||
|---|---|---|---|---|
| ||||
<!-- Requested Attributes for InCommon SPs -->
<md:AttributeConsumingService index="1"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<md:ServiceName xml:lang="en">...</md:ServiceName>
<md:ServiceDescription xml:lang="en">...</md:ServiceDescription>
<!-- SAML V1.1 attribute syntax -->
<md:RequestedAttribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="urn:mace:dir:attribute-def:eduPersonPrincipalName"
FriendlyName="eduPersonPrincipalName"/>
<md:RequestedAttribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="urn:mace:dir:attribute-def:displayName"
FriendlyName="displayName"/>
<!-- SAML V2.0 attribute syntax -->
<md:RequestedAttribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
FriendlyName="eduPersonPrincipalName"/>
<md:RequestedAttribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="urn:oid:2.16.840.1.113730.3.1.241"
FriendlyName="displayName"/>
</md:AttributeConsumingService>
|
Note that two <md:RequestedAttribute> elements are inserted into metadata for every attribute selected from the interface. One of those attributes is a SAML1 attribute while the other is a SAML2 attribute. The IdP will automatically choose one or the other depending on the protocol.