OpenSAML user discussion

["Scott Cantor" <>]

> I am very new to SAML. I recently started to use opensaml to implement 
> the Single-Sign-On solution for my company. I need to pass the following
> data:
>  srcUserID, destUserID, userEmailAddr
> to the destination website. The SAML POST Profile is preferred.
> 
> What is the best place to stick the data in the SAML Response string?

Well, it sounds like you want to include SAML Attributes in the response, so
you would either create a second assertion to include or attach an
AttributeStatement to the SSO assertion that you create for the POST
profile.
 
> The following is the SAML response string that I am able to use 
> SAMLPOSTProfile::prepare() to generate so far:

You won't be able to use the shortcut method to do this. The prepare method
is designed to make it simple to generate the data needed for the POST
profile. It doesn't have the flexibility to let you include additional
statements or assertions in the response.

Instead, consider just creating the response and the assertions directly,
and be sure to follow the rules of the profile. You could even copy much of
the code out of the prepare method.

I suspect in a future point release I'll probably add more flexibility to
the POSTProfile class, though.

-- Scott