# Requested Attributes (SAML)

The meaning of the information is dependent on the Authn Connector. There are three mechanisms for determining the RequestedAttributes:

  1. AttributeConsumingServiceIndex: The AttributeConsumingServiceIndex in the AuthnRequest is used to look up the AttributeConsumingService from the metadata from the connection. The RequestedAttributes from the AttributeConsumingService will be used.
  2. RequestedAttribute SAML extension: The RequestedAttributes element from the AuthnRequest is used. (See the official specification here (opens new window).)
  3. Using Broker services.

# Example AttributeConsumingServiceIndex with AuthnRequest

<samlp:AuthnRequest AttributeConsumingServiceIndex="1"></samlp:AuthnRequest>

# Example AttributeConsumingServiceIndex and with Metadata

<md:EntityDescriptor>
  <md:SPSSODescriptor>
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Example Service</md:ServiceName>
      <md:RequestedAttribute isRequired="true" Name="firstName"/>
      <md:RequestedAttribute Name="email"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>

# Gives:

{
  "requestedAttributes": [
      "firstName", 
      "email"
  ]
}

# Example RequestedAttribute

<samlp:AuthnRequest>
  <samlp:Extensions>
      <req-attr:RequestedAttributes>
          <md:RequestedAttribute Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
          <md:RequestedAttribute Name="lastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
          <md:RequestedAttribute Name="role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
              <saml:AttributeValue>User</saml:AttributeValue>
              <saml:AttributeValue>Administrator</saml:AttributeValue>
          </md:RequestedAttribute>
      </req-attr:RequestedAttributes>
  </samlp:Extensions>
</samlp:AuthnRequest>

# Gives:

{
  "requestedAttributes": [
      "firstName", "lastName", "role"
  ]
}
Last updated: 9/20/23, 12:13:17 PM UTC