Federation Security Services Guide › Authenticate SAML 2.0 Users at the Service Provider › Supply SAML Attributes as HTTP Headers

Supply SAML Attributes as HTTP Headers

An assertion response may include attributes in the assertion. These attributes can be supplied as HTTP header variables and used by a client application can use these headers for finer grained access control.

The benefits of including attributes in HTTP headers is as follows:

• HTTP headers are not persistent. They are present only within the request or response that contains them.
• HTTP headers, as supplied by the SiteMinder Web Agent, are not seen by the user's browser, which reduces security concerns.

Note: The HTTP headers have size restrictions that the attributes cannot exceed. Federation Security Services can send an attribute in a header up to the web server size limit for a header. Only one assertion attribute per header is allowed. See the documentation for your web server to determine the header size limit.