getting to grips with saml2 attributes

Fri, Nov 5, 2010

When I built the SAML2 [1] Web Browser SSO Profile into the Guanxi IdP and SP, I based the attribute release from the IdP on a specific profile, the X.500/LDAP Attribute Profile [2], which looks like this:

However, there's another profile out there, the SAML2 Basic Attribute Profile [3], which looks like this:

The word on the streets is the former is the one to use, even though it’s just bloatware. I mean, why have so much crammed in there when all you want is the name and value of the attribute? Why not just use the basic attribute profile? Turns out some SPs do use the basic attribute profile so I’m now adding support for this to the Guanxi IdP and SP.
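What accepting both profiles means on the SP side, as an added example (Python, not Guanxi's own code): attributes are matched on the `NameFormat` and `Name` pair, and `FriendlyName` is never used for matching. The mapping table, the function name and the sample XML are constructed for illustration, and the statement is assumed to come from an assertion whose signature has already been verified.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:"
URI_FMT, BASIC_FMT = FMT + "uri", FMT + "basic"
X500_ENC = "{urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500}Encoding"

# Hypothetical SP-side mapping: (NameFormat, Name) -> local attribute name.
ATTRIBUTE_MAP = {
    (URI_FMT, "urn:oid:2.5.4.42"): "givenName",  # X.500/LDAP profile
    (BASIC_FMT, "FirstName"): "givenName",       # Basic profile
}

# Constructed sample: one attribute per profile, plus one unmapped attribute.
SAMPLE = """<saml:AttributeStatement
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid:2.5.4.42" FriendlyName="givenName">
    <saml:AttributeValue xsi:type="xs:string" x500:Encoding="LDAP">Steven</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="FirstName">
    <saml:AttributeValue xsi:type="xs:string">Steven</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="x-unmapped" FriendlyName="givenName">
    <saml:AttributeValue xsi:type="xs:string">Other</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def extract_attributes(statement_xml):
    """Return ({local_name: [values]}, [unmapped (NameFormat, Name) keys])."""
    accepted, unmapped = {}, []
    for attr in ET.fromstring(statement_xml).iter(SAML + "Attribute"):
        # An absent NameFormat means "unspecified". FriendlyName is for
        # display only, so it is deliberately not read here.
        key = (attr.get("NameFormat", FMT + "unspecified"), attr.get("Name"))
        local = ATTRIBUTE_MAP.get(key)
        if local is None:
            unmapped.append(key)
            continue
        for value in attr.iter(SAML + "AttributeValue"):
            # Assumption: a missing x500:Encoding is tolerated, non-LDAP is skipped.
            if value.get(X500_ENC, "LDAP") != "LDAP":
                continue
            accepted.setdefault(local, []).append((value.text or "").strip())
    return accepted, unmapped
```

The third sample attribute carries `FriendlyName="givenName"` but is reported as unmapped, because only the `NameFormat` and `Name` pair decides what an attribute is.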

References

[1] SAML2 Specifications

[2] SAML2 X.500/LDAP Attribute Profile [PDF]

[3] SAML2 Basic Attribute Profile [PDF]
