Resolving attributes from a SAML proxy
Michael Grady
mgrady at unicon.net
Wed Oct 6 19:29:01 UTC 2021
> On Oct 6, 2021, at 2:03 PM, Wessel, Keith <kwessel at illinois.edu> wrote:
>
> I also see that I need to add the attribute to my attribute filter config to allow the ADFS IdP to assert it.
>
> DO I also need to add an attribute definition so that I can use the attribute elsewhere in the IdP, resolving it and doing things like... oh, I don't know... deciding if the upstread IdP performed MFA so I can release the right ACR value?
Keith, you need the attribute registry stuff to first make it available. See the Azure AD doc here:
https://shibboleth.atlassian.net/wiki/spaces/KB/pages/1467056889/Using+SAML+Proxying+in+the+Shibboleth+IdP+to+connect+with+Azure+AD <https://shibboleth.atlassian.net/wiki/spaces/KB/pages/1467056889/Using+SAML+Proxying+in+the+Shibboleth+IdP+to+connect+with+Azure+AD>
See Proxy Task 3, but adjust as necessary for the name/format on the wire for your use case.
--
Michael A. Grady
IAM Architect, Unicon, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20211006/cf1eb80d/attachment.htm>
More information about the users
mailing list