IDPSSODescriptor containing list of attributes

Mak, Steven makst at
Thu Nov 17 20:55:51 UTC 2022

My IdP does not contain supported attributes, but a peer organization's IdP metadata does.

I believe it's completely optional and in no way should it drive a services configuration.

- Steve

On 11/17/22, 3:40 PM, "users on behalf of Paul B. Henson" <users-bounces at on behalf of henson at> wrote:

    So in my ongoing month long quest to get a clueless vendor onboarded to our idp, the latest thing they are saying is that idp metadata is supposed contain a list of attributes that will be sent to the service provider. Honestly, I had never heard of this, but double checking the specification, it seems it is indeed allowed, although nothing I have ever seen. And even if the idp metadata did contain a list of attributes, it appears to be defined as a generic list of attributes the idp supports, not the specific set of attributes it intends to release to a given SP.

    I'm just curious, has anyone ever actually included attributes in their idp metadata or received metadata from someone else that did?

    Paul B. Henson  |  (909) 979-6361  |*henson/__;fg!!IBzWLUs!SjUa0iRTWgYm41RNFF7UP5kecIlr6CG7X5XtCiT2AB4s1PptjE1UXMNCSH_c2PW4Wgg-nLQFfkufdQ$ 
    Operating Systems and Network Analyst  |  henson at
    California State Polytechnic University  |  Pomona CA 91768

    For Consortium Member technical support, see;!!IBzWLUs!SjUa0iRTWgYm41RNFF7UP5kecIlr6CG7X5XtCiT2AB4s1PptjE1UXMNCSH_c2PW4Wgg-nLQcaA07Hg$ 
    To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list