Previous Topic: Attribute Query SupportNext Topic: SSO Configuration Overview

Single Sign-On ServiceSSO Getting Started GuideSSO Service Tasks and FeaturesProxied Attribute Query Support

Proxied Attribute Query Support

Proxied attribute query support is an addition to the standard attribute query support. This feature extends the search for attributes by passing queries to external IdPs.

The search for attributes proceeds in the following order:

  1. User directories.
  2. Session store.
  3. External IdP, only if the attribute is not found in the user directory or session store, and if the user was initially authenticated by an external SAML 2.0 IdP.

    The SSO service queries the external IdP. If the external IdP finds the attribute, it responds to the SSO service with a query response. The SSO service adds the attributes from the external IdP to the session store. The SSO service returns the response with the attributes to the attribute requestor.

A hosting administrator can enable the proxied attribute query feature on a per-partnership basis.