IDPSSODescriptor containing list of attributes
makst at upenn.edu
Thu Nov 17 20:55:51 UTC 2022
My IdP does not contain supported attributes, but a peer organization's IdP metadata does.
I believe it's completely optional and in no way should it drive a services configuration.
On 11/17/22, 3:40 PM, "users on behalf of Paul B. Henson" <users-bounces at shibboleth.net on behalf of henson at cpp.edu> wrote:
So in my ongoing month long quest to get a clueless vendor onboarded to our idp, the latest thing they are saying is that idp metadata is supposed contain a list of attributes that will be sent to the service provider. Honestly, I had never heard of this, but double checking the specification, it seems it is indeed allowed, although nothing I have ever seen. And even if the idp metadata did contain a list of attributes, it appears to be defined as a generic list of attributes the idp supports, not the specific set of attributes it intends to release to a given SP.
I'm just curious, has anyone ever actually included attributes in their idp metadata or received metadata from someone else that did?
Paul B. Henson | (909) 979-6361 | https://urldefense.com/v3/__http://www.cpp.edu/*henson/__;fg!!IBzWLUs!SjUa0iRTWgYm41RNFF7UP5kecIlr6CG7X5XtCiT2AB4s1PptjE1UXMNCSH_c2PW4Wgg-nLQFfkufdQ$
Operating Systems and Network Analyst | henson at cpp.edu
California State Polytechnic University | Pomona CA 91768
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!IBzWLUs!SjUa0iRTWgYm41RNFF7UP5kecIlr6CG7X5XtCiT2AB4s1PptjE1UXMNCSH_c2PW4Wgg-nLQcaA07Hg$
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users