IdPAddAttributeFilter can suppress attributes or send blank spaces instead?

Eric Goodman Eric.Goodman at ucop.edu
Mon Nov 24 12:08:41 EST 2014


>I guess my question is, let's say I have the IdNumber to pass (it is in the Active Directory 
>for example and it's not blank), however, can I, as an IdP, suppress to send it to that 
>particular SP A but not to SP B. 
[...]
>IdNumber attribute not showing at all in the SAML tracer

As other Rod said, if the filter disallows sending it, then it will not be part of the XML created, nor will it be part of the payload sent to the user's browser (or the SP if artifacts are in use). 

There is no concept of a "global set" of attributes, which is what you seem to be thinking is the case. The only attributes sent are the ones you explicitly add; having defined the attribute has no effect on the XML (except making it available to include via filters). Otherwise the attribute statement you'd get at SP A would actually be:

<attributes>
    <IdNumber>123</IdNumber>
    <givenname>John</givenname>
    <sn>Doe</sn>
    <ePPN></ePPN>
    <organization></organization>
    <ePTID></ePTID>
    ... etc for a really large number of "null" attributes
</attributes>

--- Eric
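
Added example, not part of the original message or of any Shibboleth code: a check that parses an assertion captured with SAML tracer and confirms that a filtered attribute is absent for a given SP, rather than present with a blank value. The entity IDs, the EXPECTED release policy and the sample assertion are constructed assumptions.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, prefer the defusedxml package

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the attribute statement SP B should receive (no IdNumber).
SAMPLE_SP_B = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute FriendlyName="givenname" Name="urn:oid:2.5.4.42">
      <saml:AttributeValue>John</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4">
      <saml:AttributeValue>Doe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical per-SP release policy, mirroring what the IdP filter should permit.
EXPECTED = {
    "https://sp-a.example.org/shibboleth": {"IdNumber", "givenname", "sn"},
    "https://sp-b.example.org/shibboleth": {"givenname", "sn"},
}

def released_attributes(assertion_xml):
    """Return {attribute name: [values]} for every Attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    out = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("FriendlyName") or attr.get("Name")
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        out.setdefault(name, []).extend(values)
    return out

def audit_release(sp_entity_id, assertion_xml):
    """Compare what was actually sent to an SP against its expected set."""
    allowed = EXPECTED[sp_entity_id]
    seen = released_attributes(assertion_xml)
    return {
        "unexpected": sorted(set(seen) - allowed),   # over-release
        "missing": sorted(allowed - set(seen)),      # filtered or unresolved
        "blank": sorted(n for n, vals in seen.items() if not any(vals)),
    }

if __name__ == "__main__":
    print(audit_release("https://sp-b.example.org/shibboleth", SAMPLE_SP_B))
```

A non-empty "unexpected" list means the filter released more than intended to that SP; a non-empty "blank" list means an attribute element was sent with no value.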


