SAML 2.0 Auth Scheme--Add Attributes Settings
To evaluate an authorization request that is based on SAML 2.0 user attributes, add a CA Single Sign-On attribute called a federation attribute variable to a policy expression. Include the policy expression in the policy protecting the target resource at the SAML Requester. When this variable is used in a policy, the SAML Requester sends a query message to the Attribute Authority.
To add attributes, click Add.
The Add Attributes dialog contains the following settings:
Add Attributes Dialog
- Local Name
  Specifies the unique local name of the attribute. The federation attribute variable uses this name. You specify the federation attribute variable as part of your policy configuration to protect a resource.
  The Local Name value in this dialog must match the Local Name field for the federation attribute variable. A federation attribute value is used in the policy expression. You can add a policy expression to an authentication scheme to protect a resource at the SAML requester site.
  Limits: a unique alphanumeric string from 1 to 1024 characters.
  You can have attributes with the same name but with different name formats.
  The Local Name field enables you to change the name of the requested attribute without changing the policy expression that protects the resource.
  Example:
  Attribute configuration:
  - Local Name: local1
  - Attribute Name: telephone
  - Name Format: unspecified
  Federation attribute variable:
  - Name=fedvar1
  - IdP ID=AttributeAuthority1
  - Local Name=local1
  Policy expression:
  - (fedvar1=="STATIC_VALUE")
  If the Attribute Name changes from telephone to title, only the requested attribute changes. The federation variable and the policy expression do not have to change.
- Attribute Name
  Specifies the unique name that the SAML requester includes in the attribute query. This value matches the value of the Variable Name field for an attribute that is configured at the Attribute Authority.
- Name Format
  Defines the format of the attribute. The options are:
  - Unspecified
  - Basic
  - URI
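
The following added example (not CA Single Sign-On code) illustrates the Local Name indirection with the settings from the example above: it builds the `Attribute` elements of a SAML 2.0 attribute query and maps the returned attributes back to Local Names, matching on both name and name format. The function names, the dictionary layout and the sample response are assumptions made for illustration; message ID, issuer, signing and signature validation are left out.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:"  # + unspecified | basic | uri

# Settings from the page's example; the dictionary layout is an assumption.
CONFIG = {"local1": ("telephone", "unspecified")}  # Local Name -> (Attribute Name, Name Format)
FED_VARS = {"fedvar1": "local1"}                   # federation variable -> Local Name


def build_query(attr_config, subject):
    """Build a minimal samlp:AttributeQuery naming each configured attribute."""
    query = ET.Element(f"{{{SAMLP}}}AttributeQuery")
    subj = ET.SubElement(query, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameID").text = subject
    for name, name_format in attr_config.values():
        ET.SubElement(query, f"{{{SAML}}}Attribute",
                      Name=name, NameFormat=FMT + name_format)
    return query


def resolve_locals(attr_config, response_xml):
    """Map returned attributes to Local Names, matching on (Name, NameFormat)."""
    by_key = {(n, FMT + f): local for local, (n, f) in attr_config.items()}
    values = {}
    for attr in ET.fromstring(response_xml).iter(f"{{{SAML}}}Attribute"):
        # SAML core: an absent NameFormat means "unspecified".
        key = (attr.get("Name"), attr.get("NameFormat", FMT + "unspecified"))
        local = by_key.get(key)
        if local is None:
            continue  # attribute was never requested: keep it away from the policy
        values[local] = [v.text for v in attr.findall(f"{{{SAML}}}AttributeValue")]
    return values


def policy_allows(fed_vars, local_values):
    """Evaluate (fedvar1=="STATIC_VALUE"); a missing attribute denies access."""
    return "STATIC_VALUE" in local_values.get(fed_vars["fedvar1"], [])


def sample_response(name):
    """Constructed response fragment; not captured from a real Attribute Authority."""
    row = ('<saml:Attribute Name="{}" NameFormat="{}">'
           '<saml:AttributeValue>{}</saml:AttributeValue></saml:Attribute>')
    return (f'<saml:AttributeStatement xmlns:saml="{SAML}">'
            + row.format(name, FMT + "unspecified", "STATIC_VALUE")
            + row.format("role", FMT + "basic", "admin") + '</saml:AttributeStatement>')
```

Changing the configured Attribute Name from `telephone` to `title` changes only the `Name` sent in the query; `FED_VARS` and the policy check stay as they are.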