...

At runtime, requested attributes may be presented to the user on the consent page. The user will be asked whether or not the requested attributes should be released to the SP, so care should be taken to request only those attributes actually needed by the service.

However, there is no capability at the present time to express the need for one of a choice of attributes, or to indicate optionality. Rather, SPs should enumerate all the attributes their service will make use of, and leave the final decision up to the IdP based on what it supports and is willing to release or delegate to the user to decide. For example, if the SP accepts either "cn" or "displayName", both should be listed.

The administrative interface has input fields for one or more requested attributes. By submitting these fields, the administrator adds the corresponding attributes to metadata.

From the drop-down menu labeled Attribute Name, simply choose the desired attribute. If the chosen attribute is eduPersonAffiliation or eduPersonEntitlement, an optional Attribute Values field will appear. Enter the requested attribute value(s) (if any) separated by commas. Repeat the input process for each requested attribute.

Next to each requested attribute is a checkbox labeled "isRequired". If the requested attribute is a required attribute, check the checkbox. In that case, an isRequired="true" XML attribute will be inserted into the corresponding <md:RequestedAttribute> element. If the "isRequired" checkbox is not checked, no isRequired XML attribute is inserted into the <md:RequestedAttribute> element.

Once the Save button is pressed, an <md:AttributeConsumingService> element (containing <md:RequestedAttribute> elements) is inserted into your metadata. One <md:RequestedAttribute> element will be inserted into metadata for every attribute chosen from the drop-down menu. See below for details.

Info: The semantics of the isRequired XML attribute

The meaning of the isRequired="true" XML attribute is given in the SAML V2.0 Metadata specification, which is quoted here for convenience: The optional isRequired "XML attribute indicates if the service requires the corresponding SAML attribute in order to function at all (as opposed to merely finding an attribute useful or desirable)."

Technical Details

The SAML V2.0 Metadata specification (one of the SAML V2.0 family of specifications) supports zero or more <md:AttributeConsumingService> elements each containing one or more <md:RequestedAttribute> elements in SP metadata. These static elements are used to communicate SP attribute requirements to IdPs.
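
As an added illustration (not part of the original page or of the federation's own tooling), the Python script below reads SP metadata and lists each <md:RequestedAttribute> with its isRequired flag and requested values, which makes it easy to review what a service asks IdPs to release. The metadata is a constructed sample trimmed to the relevant elements; the entityID, service name and entitlement value are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed sample, trimmed to the relevant elements. The entityID, service
# name and entitlement value are placeholders, not real federation data.
SAMPLE_METADATA = f"""\
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:saml="{NS['saml']}"
    entityID="https://sp.example.org/shibboleth">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AttributeConsumingService index="1">
   <md:ServiceName xml:lang="en">Example Service</md:ServiceName>
   <md:RequestedAttribute FriendlyName="cn" Name="urn:oid:2.5.4.3" NameFormat="{URI}"/>
   <md:RequestedAttribute FriendlyName="displayName"
       Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="{URI}"/>
   <md:RequestedAttribute FriendlyName="eduPersonEntitlement" isRequired="true"
       Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="{URI}">
    <saml:AttributeValue>urn:mace:example.org:entitlement:placeholder</saml:AttributeValue>
   </md:RequestedAttribute>
  </md:AttributeConsumingService>
 </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def requested_attributes(metadata_xml):
    """Return one dict per <md:RequestedAttribute> in the given SP metadata.

    ElementTree is adequate for this constructed sample; metadata obtained from
    elsewhere should be signature-checked and read with a hardened XML parser.
    """
    root = ET.fromstring(metadata_xml)
    found = []
    for acs in root.iterfind(".//md:AttributeConsumingService", NS):
        for ra in acs.findall("md:RequestedAttribute", NS):
            values = [(v.text or "").strip() for v in ra.findall("saml:AttributeValue", NS)]
            found.append({
                "service_index": acs.get("index"),
                "name": ra.get("Name"),
                "friendly_name": ra.get("FriendlyName"),
                # xs:boolean accepts "true" or "1"; an absent attribute means not required
                "required": ra.get("isRequired", "false").strip() in ("true", "1"),
                "values": values,
            })
    return found


if __name__ == "__main__":
    for a in requested_attributes(SAMPLE_METADATA):
        flag = "required" if a["required"] else "optional"
        print(f'{a["friendly_name"]:<22}{flag:<10}{", ".join(a["values"]) or "-"}')
```

Both "cn" and "displayName" are listed because, as noted above, metadata cannot express a choice between attributes.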

...