SAML 2.0 IDP running SiteMinder v12.52 needs to send additional attributes which are not contained in the user store. I've come up with two possible ways to handle this... Wanted to see if others had comments on these two methods relative to their level of effort to implement/support, or other possible solutions.
--- Method #1
Write an Assertion Generator Plugin (AGP) which makes a REST call to retrieve the additional attribute values, then inject them into the assertion.
--- Method #2
Send the user to an intermediate protected resource which uses the session store. Store the arbitrary data in the session store. When the inter-site transfer link is clicked, pull the arbitrary data from the session store and insert into the assertion.
Thoughts?
-J