SAML - Add additional attributes (not in userstore)

Question asked by Jeff.Minder on Jan 13, 2017
Latest reply on May 31, 2018 by Kaladhar.Brahmanapally

SAML 2.0 IDP running SiteMinder v12.52 needs to send additional attributes which are not contained in the user store. I've come up with two possible ways to handle this... Wanted to see if others had comments on these two methods relative to their level of effort to implement/support, or other possible solutions.


--- Method #1
Write an Assertion Generator Plugin (AGP) which makes a REST call to retrieve the additional attribute values, then inject them into the assertion.


--- Method #2

Send the user to an intermediate protected resource which uses the session store. Store the arbitrary data in the session store. When the inter-site transfer link is clicked, pull the arbitrary data from the session store and insert it into the assertion.
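
Both methods end with the same step: putting externally sourced values into the assertion's AttributeStatement. The following is an added example of that step, not code from the original post or from the SiteMinder SDK; the class and method names, the sample assertion and the attribute names are hypothetical, a map stands in for the REST or session-store lookup, and it assumes the assertion is modified before it is signed.

```java
import java.io.*;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class ExtraAttributeInjector { // hypothetical class, not part of any SDK
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Adds name/value pairs to the (unsigned) assertion; editing a signed assertion would break its signature.
    static String addAttributes(String assertionXml, Map<String, String> extra) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs, no XXE
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(assertionXml)));
        Element assertion = doc.getDocumentElement();
        String p = assertion.getPrefix() == null ? "" : assertion.getPrefix() + ":"; // reuse the document's prefix
        Element stmt = (Element) assertion.getElementsByTagNameNS(SAML, "AttributeStatement").item(0);
        if (stmt == null) { // the user store contributed no attributes
            stmt = doc.createElementNS(SAML, p + "AttributeStatement");
            assertion.appendChild(stmt); // statements come last in an Assertion
        }
        for (Map.Entry<String, String> e : extra.entrySet()) {
            Element attr = doc.createElementNS(SAML, p + "Attribute");
            attr.setAttribute("Name", e.getKey());
            Element val = doc.createElementNS(SAML, p + "AttributeValue");
            val.setTextContent(e.getValue()); // DOM escapes markup, so a value cannot inject XML
            attr.appendChild(val);
            stmt.appendChild(attr);
        }
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        String assertion = "<saml:Assertion xmlns:saml=\"" + SAML + "\" ID=\"_constructed\" Version=\"2.0\">"
            + "<saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject></saml:Assertion>"; // constructed sample
        Map<String, String> extra = new LinkedHashMap<>(); // stands in for the external lookup result
        extra.put("costCenter", "4711");
        extra.put("note", "a<b & \"quoted\""); // markup characters are escaped on output
        System.out.println(addAttributes(assertion, extra));
    }
}
```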