
Default Attribute Release

Assuming an IdP is configured to respond to a SAML AuthnRequest from any SP, and assuming the AuthnRequest is well formed, an appropriate SAML response can take on many forms:

  1. Return an empty SAML response (with no NameID or user attributes) to all SPs
  2. Release a SAML Transient NameID (but no user attributes) to all SPs
  3. Release eduPersonTargetedID to all SPs
  4. Release eduPersonPrincipalName to all SPs
  5. Release the Essential Attribute Bundle to all SPs

The above attribute release policies are listed in order of increasing interoperability. Start by considering the last policy in the list and work your way backwards to determine the default policy that is best for you and your users.

Recommended Default Attribute Release Policy

All IdPs in the InCommon Federation SHOULD release a persistent identifier (ePPN or ePTID) to all SPs. Releasing the Essential Attribute Bundle to all SPs provides the best federated user experience and is therefore a highly RECOMMENDED default attribute release policy.
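
The persistent-identifier default described above could be expressed as follows. This is an added example, not configuration from the original page or from InCommon. It assumes the IdP runs Shibboleth IdP v3 or later (the page names no IdP software) and that the attribute resolver defines an attribute with the ID eduPersonPrincipalName; the policy id is a hypothetical name.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: attribute-filter.xml fragment for a Shibboleth IdP (assumed software). -->
<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
        xmlns="urn:mace:shibboleth:2.0:afp"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">

    <!-- Policy 4 in the list above: release eduPersonPrincipalName to all SPs.
         The policy id is hypothetical; choose any unique name. -->
    <AttributeFilterPolicy id="defaultReleasePersistentId">

        <!-- ANY matches every requesting SP, which makes this the default policy. -->
        <PolicyRequirementRule xsi:type="ANY" />

        <!-- attributeID must match the id defined in the attribute resolver
             (assumed here to be eduPersonPrincipalName). -->
        <AttributeRule attributeID="eduPersonPrincipalName">
            <!-- Release every value the resolver produced for this user. -->
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>

        <!-- To default to the Essential Attribute Bundle instead, add one
             AttributeRule per bundle attribute inside this same policy. -->
    </AttributeFilterPolicy>

</AttributeFilterPolicyGroup>
```

Attributes not named in any matching policy are not released, so more restrictive defaults (policies 1 to 3 in the list) correspond to removing or replacing the AttributeRule above.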
