Resolving attributes from a SAML proxy
kwessel at illinois.edu
Wed Oct 6 19:03:52 UTC 2021
I'm chasing my tail here, and to make things more complicated, this page either seems broken or implete:
The reference section is empty.
I'm trying to get an attribute, not the subject, back from a SAML proxy. I've still got the setup from IdP 4.0 for retrieving the subject. I still need to update that. But that's working fine and mapping the uid to the subject. Now, I want to retrieve an additional attribute from the upstream IdP, and it's not one currently defined in my attribute resolver. It's a Microsoft-esque attribute.
I know I can pull the attributes back using the subjectDataConnector. I see I can supply a list of attributes to retrieve. Should those be friendly names or SAML2 attribute names in that list? I'm referring to the exportAttributes attribute to this data connector element.
I also see that I need to add the attribute to my attribute filter config to allow the ADFS IdP to assert it.
DO I also need to add an attribute definition so that I can use the attribute elsewhere in the IdP, resolving it and doing things like... oh, I don't know... deciding if the upstread IdP performed MFA so I can release the right ACR value?
More information about the users