Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-1217

Support for RequestedAttributes AuthnRequest extension

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.4.0
    • Component/s: Attribute Mapper, SAML2
    • Labels:
      None

      Description

      An extension [1] was ratified to embed a RequestedAttributes array in an AuthnRequest extension as a dynamic signal for attributes during SSO. We have the machinery to process this already in place so it's probably not a ton of work to support this. The expedient thing may be to just simulate the use of an AttributeConsumingService by perhaps manufacturing a fake one to embed in an AttributeConsumingServiceContext.

      By spec, the use of an AttributeConsumingServiceIndex overrides this extension. If we extend the existing action bean that pulls out the index and have it mock up an AttributeConsumingService the support is likely automatic.

      [1] https://lists.oasis-open.org/archives/security-services-comment/201709/msg00000.html

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              cantor.2@osu.edu Scott Cantor
              Reporter:
              cantor.2@osu.edu Scott Cantor
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 4 hours
                  4h
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 15 minutes Time Not Required
                  15m