

Configure Attributes for WS-Federation Assertions (optional)

Attributes can provide information about a user requesting access to a Resource Partner resource. An attribute statement passes user attributes, DN attributes, or static data from the Account Partner to the Resource Partner in a SAML assertion. All configured attributes are included in the assertion in a single <AttributeStatement> element or <EncryptedAttribute> element.

Note: Attribute statements are not required in an assertion.

Servlets, web applications, or other custom applications use attributes to display customized content or enable other custom features. When used with web applications, attributes can implement fine-grained access control by limiting user activity at the Resource Partner. For example, you can send an attribute variable named Authorized Amount set to a maximum dollar amount. The amount is the limit that the user can spend at the Resource Partner.

Attributes take the form of name/value pairs. When the Resource Partner receives the assertion, it makes the attribute values available to applications.

Attributes can be made available as HTTP headers or HTTP cookies.
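The following added example (not part of the product documentation) shows how an application at the Resource Partner might enforce the Authorized Amount limit once the attributes reach it as name/value pairs. The function names, the plain-decimal value format, and the choice to deny when the attribute is absent (attribute statements are optional) are assumptions made for illustration.

```python
import re
from decimal import Decimal

# Attribute name from the example in the text above.
LIMIT_ATTRIBUTE = "Authorized Amount"

# Assumed value format: plain decimal, up to 12 integer digits and 2 fraction
# digits. ASCII digits only, so exponents, signs, "NaN" and "Infinity" fail.
_AMOUNT_RE = re.compile(r"[0-9]{1,12}(\.[0-9]{1,2})?")


class AttributePolicyError(Exception):
    """The limit attribute is missing, duplicated, or malformed."""


def authorized_limit(attributes):
    """Return the spending limit carried in the assertion attributes.

    `attributes` is a list of (name, value) string pairs, as the application
    would collect them from the HTTP headers or cookies it is given.
    """
    values = [value for name, value in attributes if name == LIMIT_ATTRIBUTE]
    if not values:
        # Attribute statements are optional, so absence must be handled.
        raise AttributePolicyError("limit attribute not present")
    if len(values) > 1:
        # Ambiguous input: refuse rather than pick one of the values.
        raise AttributePolicyError("limit attribute present more than once")
    raw = values[0].strip()
    if not _AMOUNT_RE.fullmatch(raw):
        raise AttributePolicyError("limit attribute is not a plain decimal")
    return Decimal(raw)


def may_spend(attributes, amount):
    """Allow the purchase only if 0 < amount <= limit; deny on any doubt."""
    try:
        limit = authorized_limit(attributes)
    except AttributePolicyError:
        return False
    return Decimal(0) < amount <= limit


# Constructed sample input, not taken from a real assertion.
SAMPLE = [("Department", "Sales"), (LIMIT_ATTRIBUTE, "500.00")]
```

The check is only as trustworthy as the channel that delivers the attributes, so the application should accept these headers or cookies only from the federation component that validated the assertion.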

The HTTP headers and HTTP cookies have size restrictions that assertion attributes cannot exceed. The size restrictions are as follows: