Configuration Guides › Federation Security Services Guide › Configure SOA Security Manager as a Resource Partner › Supply SAML Attributes as HTTP Headers

Supply SAML Attributes as HTTP Headers

An assertion response can include attributes in the assertion. These attributes can be supplied as HTTP header variables and used by a client application can use these headers for finer grained access control.

The benefits of including attributes in HTTP headers are as follows:

• HTTP headers are not persistent. They are present only within the request or response that contains them.
• HTTP headers, as supplied by the SOA Security Manager Web Agent, are not visible in the browser, which reduces security concerns.

Note: The HTTP headers have size restrictions that the attributes cannot exceed. SOA Security Manager can send an attribute in a header up to the web server size limit for a header. Only one assertion attribute per header is allowed. See the documentation for your web server to determine the header size limit.