SAML 2.0 Attribute Svc Settings

You can configure an Identity Provider to act as an Attribute Authority. The Authority can respond to an attribute query from a SAML requester. The requester can authorize a user based on the retrieved attributes.
Configure the operation of the Authority in the Attribute Svc section of the Attributes dialog. This dialog contains the following fields:
  • Enable
    Lets the Identity Provider act as an Attribute Authority. The table to include requested attribute assertions that are based on a query message from a SAML requester.
  • Require Signed Attribute Query
    Indicates that the Attribute Authority requires a digitally signed attribute query from the SAML Requester.
  • Validity Duration Second(s)
    Specifies the number of seconds that the assertion is valid.
    Default: 60 seconds
  • Signing Options
    Designates the signing requirements for attribute assertions and responses.
    • Sign Assertion
      Instructs the Attribute Authority to sign only the attribute assertion. The SAML response is not signed.
    • Sign Response
      Instructs the Attribute Authority to sign only the SAML response.
    • Sign Both
      Instructs the Attribute Authority to sign the attribute assertion and the SAML response.
    • Sign Neither
      Instructs the Attribute Authority to sign neither the attribute assertion nor the SAML response.
  • User Lookup
    Defines search specifications for user directory name spaces. The Attribute Authority uses the search specification to locate the user locally. The search specification must include the NameID of the subject from the attribute query to locate the user.
    Enter a search specification in the field for the namespace type you are using.
    At least one search specification is required.
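
On the requester side, the Signing Options and Validity Duration settings can be checked against what actually arrives. The following is an added example, not product code: it reports which Signing Option a response matches and whether its assertion is still inside its validity window. It assumes the validity duration appears as the NotBefore and NotOnOrAfter attributes of the assertion's Conditions element; the function names and the sample response are constructed for illustration, and the signatures are only located, not cryptographically verified.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample (not product output): assertion signed, response not,
# 60-second validity window. The signature body is elided.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion>
    <ds:Signature/>
    <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                     NotOnOrAfter="2024-01-01T12:01:00Z"/>
  </saml:Assertion>
</samlp:Response>"""

def signing_mode(response):
    # Count only a ds:Signature that is a direct child of the element it
    # covers; one nested elsewhere in the document proves nothing.
    resp_signed = response.find("ds:Signature", NS) is not None
    assertions = response.findall("saml:Assertion", NS)
    asrt_signed = bool(assertions) and all(
        a.find("ds:Signature", NS) is not None for a in assertions)
    if resp_signed and asrt_signed:
        return "Sign Both"
    if resp_signed:
        return "Sign Response"
    return "Sign Assertion" if asrt_signed else "Sign Neither"

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check(xml_text, expected_mode, now, skew=timedelta(0)):
    """Return a list of problems; an empty list means every check passed."""
    response = ET.fromstring(xml_text)  # stdlib parser, for the example only
    problems = []
    mode = signing_mode(response)
    if mode != expected_mode:
        problems.append(f"signing mode is {mode}, expected {expected_mode}")
    for cond in response.findall("saml:Assertion/saml:Conditions", NS):
        not_before, not_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if not_before and now + skew < _ts(not_before):
            problems.append("assertion not yet valid")
        if not not_after or now - skew >= _ts(not_after):
            problems.append("assertion expired or has no NotOnOrAfter")
    return problems
```

A requester that expects "Sign Both" or "Sign Assertion" should treat any other reported mode as a rejection, then verify the located signatures with an XML signature library before trusting the attributes.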