
Requested Attributes in Service Provider (SP) metadata are used by the Identity Provider (IdP) to make attribute release decisions. An IdP may also use them in conjunction with other user interface elements to construct the user attribute release consent form. We recommend that an SP outline its required and optional attribute needs using the Requested Attributes metadata elements.

Configure Requested Attributes using Federation Manager

See SP SSO Settings (SPSSODescriptor).

Requested Attributes in InCommon metadata

The SAML V2.0 Metadata specification (one of the SAML V2.0 family of specifications) supports zero or more <md:AttributeConsumingService> elements. Each <md:AttributeConsumingService> element contains one or more <md:RequestedAttribute> elements. These elements are used to communicate SP attribute requirements to IdPs.

InCommon metadata supports at most one <md:AttributeConsumingService> element. When you configure Requested Attributes using Federation Manager, one <md:RequestedAttribute> element is inserted into metadata for every attribute selected from the interface. Each <md:RequestedAttribute> element inserted into metadata is a SAML2-formatted attribute. SAML1-formatted <md:RequestedAttribute> elements in metadata are not supported.

An example follows:

<!-- Requested Attributes for InCommon SPs -->
<md:AttributeConsumingService index="1"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:ServiceName xml:lang="en">...</md:ServiceName>
  <md:ServiceDescription xml:lang="en">...</md:ServiceDescription>
  <!-- SAML V2.0 attribute syntax -->
  <md:RequestedAttribute isRequired="true"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
      FriendlyName="eduPersonPrincipalName"/>
  <md:RequestedAttribute
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid:2.16.840.1.113730.3.1.241"
      FriendlyName="displayName"/>
</md:AttributeConsumingService>

The <md:ServiceName> and <md:ServiceDescription> child elements of the <md:AttributeConsumingService> element correspond to the <mdui:DisplayName> and <mdui:Description> child elements of the <mdui:UIInfo> element, respectively. See the User interface elements topic for more detail about the <mdui:UIInfo> element.
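
The following added example (not part of the original page and not InCommon or Federation Manager code) shows how an IdP operator or SP owner could audit an SP's metadata against the constraints described above: at most one <md:AttributeConsumingService>, and every <md:RequestedAttribute> in SAML2 format. It assumes that "SAML2-formatted" means the URI NameFormat used in the page's example; the function name, the sample entityID and the service name are hypothetical.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed sample metadata; the entityID and service name are placeholders.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.org/sp">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AttributeConsumingService index="1">
   <md:ServiceName xml:lang="en">Example SP</md:ServiceName>
   <md:RequestedAttribute isRequired="true" NameFormat="{URI_FORMAT}"
       Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName"/>
   <md:RequestedAttribute NameFormat="{URI_FORMAT}"
       Name="urn:oid:2.16.840.1.113730.3.1.241" FriendlyName="displayName"/>
  </md:AttributeConsumingService>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def audit_requested_attributes(xml_text):
    """Return required/optional attribute names and any constraint problems."""
    # Assumption: the metadata comes from a trusted, signature-verified source.
    root = ET.fromstring(xml_text)
    services = list(root.iter(f"{{{MD}}}AttributeConsumingService"))
    report = {"required": [], "optional": [], "problems": []}
    if len(services) > 1:
        report["problems"].append(
            f"{len(services)} AttributeConsumingService elements; at most one is supported")
    for svc in services:
        for attr in svc.findall(f"{{{MD}}}RequestedAttribute"):
            name = attr.get("Name")
            label = attr.get("FriendlyName") or name or "(unnamed)"
            if not name:
                report["problems"].append(f"{label}: missing Name")
            if attr.get("NameFormat") != URI_FORMAT:
                report["problems"].append(
                    f"{label}: NameFormat {attr.get('NameFormat')!r} is not {URI_FORMAT}")
            # isRequired is an xs:boolean that defaults to false when absent.
            required = attr.get("isRequired", "false").strip() in ("true", "1")
            report["required" if required else "optional"].append(label)
    return report


if __name__ == "__main__":
    result = audit_requested_attributes(SAMPLE)
    print("required:", result["required"])
    print("optional:", result["optional"])
    for problem in result["problems"]:
        print("problem:", problem)
```

Comparing the required list against what the service actually consumes is a quick way to spot an SP that marks more attributes as required than it needs.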
