SAML 2.0 Attribute Svc Settings
You can configure an Identity Provider to act as an Attribute Authority. The Authority can respond to an attribute query from a SAML requester. The requester can authorize a user that is based on the retrieved attributes.
casso1283
You can configure an Identity Provider to act as an Attribute Authority. The Authority can respond to an attribute query from a SAML requester. The requester can authorize a user that is based on the retrieved attributes.
Configure the operation of the Authority in the Attribute Svc section of the Attributes dialog. This dialog contains the following fields:
- EnableLets the Identity Provider act as an Attribute Authority. The table to include requested attribute assertions that are based on a query message from a SAML requester.Default: 60 seconds
- Require Signed Attribute QueryIndicates that the Attribute Authority requires a digitally signed attribute query from the SAML Requester.
- Validity Duration Second(s)Specifies the number of seconds that the assertion is valid.
- Signing OptionsDesignates the signing requirements for attribute assertions and responses.
- Sign AssertionInstructs the Attribute Authority to sign only the attribute assertion. The SAML response is not signed.
- Sign ResponseInstructs the Attribute Authority to sign only the SAML response.
- Sign BothInstructs the Attribute Authority to sign the attribute assertion and the SAML response.
- Sign NeitherInstructs the Attribute Authority not to sign the attribute assertion nor the SAML response.
- User LookupDefines search specifications for user directory name spaces. The Attribute Authority uses the search specification to locate the user locally. The search specification must include the NameID of the subject from the attribute query to locate the user.Enter a search specification in the field for the namespace type you are using.At least one search specification are required