IDPSSODescriptor containing list of attributes

Mak, Steven makst at upenn.edu
Thu Nov 17 20:55:51 UTC 2022


My IdP does not contain supported attributes, but a peer organization's IdP metadata does.

I believe it's completely optional and in no way should it drive a service's configuration.

- Steve

On 11/17/22, 3:40 PM, "users on behalf of Paul B. Henson" <users-bounces at shibboleth.net on behalf of henson at cpp.edu> wrote:

    So in my ongoing month-long quest to get a clueless vendor onboarded to our idp, the latest thing they are saying is that idp metadata is supposed to contain a list of attributes that will be sent to the service provider. Honestly, I had never heard of this, but double checking the specification, it seems it is indeed allowed, although nothing I have ever seen. And even if the idp metadata did contain a list of attributes, it appears to be defined as a generic list of attributes the idp supports, not the specific set of attributes it intends to release to a given SP.

    I'm just curious, has anyone ever actually included attributes in their idp metadata or received metadata from someone else that did?

    --
    Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
    Operating Systems and Network Analyst  |  henson at cpp.edu
    California State Polytechnic University  |  Pomona CA 91768

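As an added example (not part of the original thread, and not Shibboleth code): a short Python function that lists the `<saml:Attribute>` elements inside each `<md:IDPSSODescriptor>`, the optional list the thread is about. The metadata is constructed sample data with hypothetical entity IDs; one IdP lists attributes and one lists none, the two cases mentioned in the reply above.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample metadata: entity IDs, endpoints and attribute choices are illustrative.
SAMPLE_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                       xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:EntityDescriptor entityID="https://idp.peer.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                              Location="https://idp.peer.example/sso"/>
      <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
      <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
                      FriendlyName="eduPersonScopedAffiliation"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.own.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                              Location="https://idp.own.example/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def advertised_attributes(metadata_xml):
    """Map each IdP entityID to the (FriendlyName, Name) pairs its metadata lists.

    An empty list means the IdP's metadata lists no attributes at all.
    """
    root = ET.fromstring(metadata_xml)
    result = {}
    # iter() also matches the root, so a lone EntityDescriptor document works too.
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        for idp in entity.findall("md:IDPSSODescriptor", NS):
            attrs = result.setdefault(entity.get("entityID"), [])
            for attr in idp.findall("saml:Attribute", NS):
                attrs.append((attr.get("FriendlyName"), attr.get("Name")))
    return result


if __name__ == "__main__":
    for entity_id, attrs in advertised_attributes(SAMPLE_METADATA).items():
        print(entity_id, attrs if attrs else "(no attributes listed)")
```

The standard-library parser is used here only because the input is constructed; federation metadata from a third party should have its signature verified and be parsed with a hardened XML parser.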