Configure Attributes for WS-Federation Assertions (optional)

Attributes can provide information about a user requesting access to a resource at a Resource Partner. An attribute statement passes user attributes, DN attributes, or static data from the Account Partner to the Resource Partner in a SAML assertion. Any configured attributes are included in the assertion in a single <AttributeStatement> element or in the <EncryptedAttribute> element.

Note: Attribute statements are not required in an assertion.

Attributes can be used by servlets, Web applications, or other custom applications to display customized content or enable other custom features. When used with Web applications, attributes can implement fine-grained access control by limiting what a user can do at the Resource Partner. For example, you can send an attribute variable called Authorized Amount and set it to a maximum dollar amount that the user can spend at the Resource Partner.

Attributes take the form of name/value pairs. When the Resource Partner receives the assertion, it takes the attribute values and makes them available to applications. Attributes can be made available as HTTP Headers or HTTP Cookies.
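The following is an added example, not code from CA or from this guide, of how an application at the Resource Partner might consume the Authorized Amount attribute from an HTTP header and deny by default. The header name `authorized_amount`, the function names, and the sample host are assumptions; the example also assumes the application is reachable only through the component that sets the header.

```python
import re
from decimal import Decimal

# Assumed header name; in practice it is the variable name configured
# for the attribute at the Resource Partner.
AMOUNT_HEADER = "authorized_amount"
# Plain decimal only: no sign, exponent, NaN or Infinity.
AMOUNT_RE = re.compile(r"[0-9]{1,12}(\.[0-9]{1,2})?")


class AttributeRejected(Exception):
    """The attribute is missing, duplicated or malformed."""


def authorized_amount(headers):
    """Return the spending limit from (name, value) header pairs."""
    # Header names are case-insensitive; collect every copy.
    values = [v for k, v in headers if k.lower() == AMOUNT_HEADER]
    if len(values) != 1:
        # Attribute statements are optional, so absence is expected;
        # more than one copy is ambiguous. Reject both.
        raise AttributeRejected("expected exactly one %s header" % AMOUNT_HEADER)
    raw = values[0].strip()
    if not AMOUNT_RE.fullmatch(raw):
        raise AttributeRejected("malformed amount")
    return Decimal(raw)


def may_spend(headers, requested):
    """Deny by default: allow only a positive amount within the limit."""
    try:
        limit = authorized_amount(headers)
    except AttributeRejected:
        return False
    return Decimal("0") < requested <= limit


if __name__ == "__main__":
    # Constructed sample request headers.
    sample = [("Host", "rp.example.com"), ("Authorized_Amount", "500.00")]
    print(may_spend(sample, Decimal("120.50")))   # within the limit
    print(may_spend(sample, Decimal("500.01")))   # over the limit
    print(may_spend([], Decimal("1")))            # attribute absent
```
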

The HTTP headers and HTTP cookies have size restrictions that assertion attributes cannot exceed. The size restrictions are as follows:

You configure attributes in the Attributes tab of the Resource Partner Properties dialog box. This involves choosing an Attribute Kind, then filling in values for the variable name and attribute value.


Copyright © 2010 CA. All rights reserved.