How to request IDP to send me additional custom attributes in the AuthnResponse?

Submitted by 随声附和 on 2019-12-13 18:27:15

Question


I've implemented SSO using Spring SAML and I'm wondering whether there is any way to request the IDP (ssocircle.com in my case) to send me additional attributes along with the nameID which it is already sending. Let's say I want the IdP to send me the accountID of the person who is authenticated successfully. I've searched a lot and found some suggestions like:

Override the getAuthnRequest method in WebSSOProfileImpl.java so that the authnRequest sent to the IdP has this attribute set. But I don't have any clue how to go ahead with this. Do I have to modify my SP metadata too with this additional attribute name and format? If yes, how should I do that? Or can something be done with the RelayState parameter? Any help in this regard would be really appreciated.

Thanks,

Abhilash


Answer 1:


Abhilash,

Attributes to be provided to SP are typically configured on the IDP side in a vendor-specific way.

You can configure SSO Circle to send additional attributes by logging in to your account at https://idp.ssocircle.com/sso/UI/Login, select Manage Metadata, press "Add new Service Provider" (first remove the existing one if present) and make sure to check SAML attributes to be sent in AuthnResponse in the section "Attributes send in assertion (optional)". SSO Circle currently only supports attributes FirstName, LastName and EmailAddress.

The SP can advertise attributes required to be provided by the IDP in its metadata using RequestedAttribute elements. Support for this mechanism may vary among IDP and SP implementations. The SAML protocol also allows the SP to advise the IDP on what attributes to send by including the attribute AttributeConsumingServiceIndex in the AuthnRequest, but again this feature is not usually supported. Some custom SAML profiles define a custom way to do this using the AuthnRequest's Extensions element.

Cheers, Vladimir Schafer
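
An added example, not part of the original answer and not Spring SAML code: it builds the `AttributeConsumingService` metadata element with `RequestedAttribute` children (it belongs inside the SP's `SPSSODescriptor`) and then checks a received assertion for required attributes the IdP did not release. The service name, the index value, the `accountID` attribute name and the sample assertion are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
ET.register_namespace("md", MD)
ET.register_namespace("saml", SAML)

def consuming_service(index, service_name, attributes):
    """Build md:AttributeConsumingService; attributes maps Name -> isRequired."""
    acs = ET.Element(f"{{{MD}}}AttributeConsumingService", {"index": str(index)})
    ET.SubElement(acs, f"{{{MD}}}ServiceName", {XML_LANG: "en"}).text = service_name
    for name, required in attributes.items():
        ET.SubElement(acs, f"{{{MD}}}RequestedAttribute", {
            "Name": name, "NameFormat": BASIC,
            "isRequired": "true" if required else "false"})
    return acs

def missing_required(acs, assertion_xml):
    """Required attribute names that the assertion does not carry.

    Assumes the assertion's signature and conditions were already validated
    by the SAML stack; attribute values must not be trusted before that.
    """
    required = {ra.get("Name") for ra in acs.iter(f"{{{MD}}}RequestedAttribute")
                if ra.get("isRequired") == "true"}
    received = {a.get("Name")
                for a in ET.fromstring(assertion_xml).iter(f"{{{SAML}}}Attribute")}
    return sorted(required - received)

# Constructed sample: the IdP released only two of the requested attributes.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}">
  <saml:AttributeStatement>
    <saml:Attribute Name="EmailAddress" NameFormat="{BASIC}">
      <saml:AttributeValue>user@example.org</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="FirstName" NameFormat="{BASIC}">
      <saml:AttributeValue>Test</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    # "accountID" is the asker's hypothetical attribute; index 1 is arbitrary.
    acs = consuming_service(1, "Example SP", {
        "EmailAddress": True, "FirstName": False, "accountID": True})
    print(ET.tostring(acs, encoding="unicode"))
    print("missing required:", missing_required(acs, SAMPLE_ASSERTION))
```

Because IdP support for `RequestedAttribute` varies, the SP-side check is what tells you whether the advertised requirement was actually honoured.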



Source: https://stackoverflow.com/questions/22915077/how-to-request-idp-to-send-me-additional-custom-attributes-in-the-authnresponse
