In SAML, requested attributes can be conveyed in two ways:
Via the requested attributes extension in the AuthnRequest, see here
Via Attribute Consuming Services in the metadata, and (optionally) an AttributeConsumingServiceIndex in the request
The Signicat Identity broker supports both methods. The requested attributes extension is sent as part of the AuthnRequest and requires no additional configuration beforehand.
If the SAML Identity Provider of your choice only supports Attribute Consuming Services in the metadata, the Attribute Consuming Services need to be configured. Our user interface helps you define them easily.
First, create a SAML attribute consuming service in the configuration-app:
The name can be used to clearly describe for which service you need the specified attributes.
The index tells the Identity Provider which attribute consuming service to use; it is sent as the AttributeConsumingServiceIndex.
Default: if selected, this AttributeConsumingService will be requested by default (when no AttributeConsumingServiceIndex is sent).
Attributes: the attributes that you require for your service. Check with the SAML Identity Provider of your choice whether it supports these attributes.
After that is done, the metadata will be updated. To view the broker metadata, go to the configured SAML Identity Provider (in Authentication Providers) or configure a SAML Identity Provider.
In the SAML Identity Provider configuration screen, click on the button to get the broker metadata.
In the metadata the AttributeConsumingService has been added:
Send the new metadata file to the SAML Identity Provider.
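Before sending the metadata, it helps to confirm which attributes each index actually requests, and what a request without an index falls back to. The following Python check is an added example, not Signicat code: the entity ID, service names and attribute names are constructed, and the fallback to the service marked isDefault mirrors the Default option described above.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample, trimmed to the relevant elements (hypothetical names).
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://broker.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeConsumingService index="1" isDefault="true">
      <md:ServiceName xml:lang="en">Basic login</md:ServiceName>
      <md:RequestedAttribute Name="urn:example:attr:uid" isRequired="true"/>
    </md:AttributeConsumingService>
    <md:AttributeConsumingService index="2">
      <md:ServiceName xml:lang="en">Age check</md:ServiceName>
      <md:RequestedAttribute Name="urn:example:attr:uid" isRequired="true"/>
      <md:RequestedAttribute Name="urn:example:attr:dateOfBirth"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
REQUEST = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
           ' ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"{}/>')
REQ_INDEX_2 = REQUEST.format(' AttributeConsumingServiceIndex="2"')
REQ_NO_INDEX = REQUEST.format("")

def list_services(metadata_xml):
    """Map each index to (service name, requested attribute names, is_default)."""
    services = {}
    for acs in ET.fromstring(metadata_xml).iter(MD + "AttributeConsumingService"):
        index = int(acs.get("index"))
        if index in services:
            raise ValueError(f"duplicate AttributeConsumingService index {index}")
        names = [ra.get("Name") for ra in acs.findall(MD + "RequestedAttribute")]
        is_default = acs.get("isDefault", "false") in ("true", "1")
        services[index] = (acs.findtext(MD + "ServiceName", ""), names, is_default)
    return services

def attributes_for_request(metadata_xml, authn_request_xml):
    """Attribute names this AuthnRequest asks for; None if no service applies."""
    services = list_services(metadata_xml)
    raw = ET.fromstring(authn_request_xml).get("AttributeConsumingServiceIndex")
    if raw is None:  # no index sent: fall back to the service marked default
        defaults = [s for s in services.values() if s[2]]
        return defaults[0][1] if defaults else None
    if int(raw) not in services:
        raise LookupError(f"index {raw} is not published in the metadata")
    return services[int(raw)][1]
```

An index that is sent in a request but missing from the metadata raises LookupError, which catches a stale metadata file before the Identity Provider sees it.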