Handling a custom SAML V2 extension for requesting attributes per request

Cantor, Scott cantor.2 at osu.edu
Wed Feb 12 13:28:46 EST 2020

> Then you should really change it to match, because we already support the
> standard extension (in V4) out of the box in a very advanced way that goes way
> beyond anything you would probably implement, and there's no good place to
> extend the system to do something like this.

Actually an inbound interceptor probably could do it in fact, but care has to be taken to ensure the pre-defined inbound security flow runs.

The handler that implements the standard extension is in org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler in OpenSAML 4.

We normalize everything that uses the RequestedAttribute element from metadata into a pseudo AttributeConsumingService as through it came from metadata to start with to trigger all the existing behavior we already implemented.

Any further discussion should be on the dev list, and really there won't be much from me because this is member support territory.

-- Scott

More information about the users mailing list