In the Attributes tab, you configure the attributes that the SAML Requester can retrieve from an Attribute Authority. These attributes will be included in the attribute query sent to the Attribute Authority.
The dialog contains the following fields and controls:
Supported Attributes Group Box
Lists the attributes that can be requested from a SAML Attribute Authority along with the associated script stored in the policy store.
Attribute Query Group Box
Select this check box to generate attribute queries.
Instructs the SAML Requester to sign the attribute query prior to sending it to the Attribute Authority.
Indicates that the SAML Requester only accepts attribute assertions that are signed by the Attribute Authority. The assertion is rejected if it is not signed.
URL of the Attribute Service at the Attribute Authority. Must be a valid URL of less than 1024 characters.
Indicates that the attribute query should retrieve all attributes configured at the Attribute Authority. Checking this box results in an attribute query without any attributes; however, the Attribute Authority returns all the configured attributes, that is, attributes associated with the Attribute Service retrieval method.
In some cases, checking this box avoids some performance overhead because less checking is done when constructing the query and verifying that requested attributes are still valid at the Attribute Authority. However, if there are a large number of configured attributes at the Attribute Authority and encryption is used, then checking this box might degrade performance.
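The following Python example is added here and is not CA's code; it shows the shape of the SAML 2.0 AttributeQuery that the settings above control, including how the "retrieve all" option produces a query with no attribute elements, and applies the "only accept signed assertions" rule to a received response. The function names, the BASIC_FORMAT constant and the two sample responses are assumptions constructed for the example; verifying the XML signature itself is left to the XML-DSig layer.

```python
import uuid
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
BASIC_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"  # one SAML 2.0 name format
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

def build_attribute_query(issuer, subject, attributes, retrieve_all=False):
    """attributes: (Attribute Name, Name Format) pairs from the Supported Attributes
    list. retrieve_all=True mirrors the 'retrieve all' check box: no <saml:Attribute>
    is emitted, so the Attribute Authority returns every attribute it has configured."""
    q = ET.Element(f"{{{SAMLP}}}AttributeQuery", {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")})
    ET.SubElement(q, f"{{{SAML}}}Issuer").text = issuer
    subject_el = ET.SubElement(q, f"{{{SAML}}}Subject")
    ET.SubElement(subject_el, f"{{{SAML}}}NameID").text = subject
    if not retrieve_all:
        for name, name_format in attributes:
            ET.SubElement(q, f"{{{SAML}}}Attribute", {"Name": name, "NameFormat": name_format})
    return ET.tostring(q, encoding="unicode")

def requested_attribute_names(query_xml):
    """Names of the <saml:Attribute> elements in a query (empty for 'retrieve all')."""
    return [a.get("Name") for a in ET.fromstring(query_xml).findall(f"{{{SAML}}}Attribute")]

def assertion_accepted(response_xml, require_signed=True):
    """Mirror of the 'only accept signed assertions' setting: an assertion without a
    ds:Signature child is rejected. Verifying that signature (certificate, digests,
    references) belongs to the XML-DSig layer and is deliberately not done here."""
    assertion = ET.fromstring(response_xml).find(f".//{{{SAML}}}Assertion")
    if assertion is None:
        return False
    return not require_signed or assertion.find(f"{{{DSIG}}}Signature") is not None

# Constructed sample responses (not captured from a real Attribute Authority).
UNSIGNED_RESPONSE = (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}">'
                     '<saml:Assertion ID="_a1" Version="2.0"><saml:Issuer>aa.example</saml:Issuer>'
                     '</saml:Assertion></samlp:Response>')
SIGNED_RESPONSE = (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" xmlns:ds="{DSIG}">'
                   '<saml:Assertion ID="_a2" Version="2.0"><saml:Issuer>aa.example</saml:Issuer>'
                   '<ds:Signature/></saml:Assertion></samlp:Response>')
```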
Add/Edit Attribute Dialog
Specifies the unique local name of the attribute used only by the authentication scheme and the federation attribute variables that you configure. The value of this field must match the Local Name field for the federation attribute variable, which is used in the policy expression that will be used when configuring the authentication scheme. Enter a unique alphanumeric string between 1 and 1024 characters.
Note: You can have attributes with the same name but with different name formats.
The Local Name field enables you to change the name of the requested attribute without changing the policy expression that protects the resource.
Example:
Attribute configuration:
Federation Attribute Variable configuration:
Policy expression:
If you change only the Attribute Name from phone to title, only the requested attribute changes; the federation variable and the policy expression do not have to change.
Specifies the unique name that the SAML requester includes in the attribute query. This value must match the value of the Variable Name field specified for an attribute configured at the Attribute Authority.
Defines the format of the attribute. The options are:
Refer to the SAML 2.0 specification for definitions of these formats.
Copyright © 2011 CA. All rights reserved.