OpenSAML user discussion

["Pantvaidya, Vishwajit" <>]

I have a working implementation of a saml relying party (RP) that supports the browser POST profile of SAML1.1. It can consume a SAML AttributeStatement which includes the email attribute e.g.

 

<saml:AttributeStatement>

…

<saml:Attribute AttributeNamespace="ns" AttributeName="email">

<saml:AttributeValue></saml:AttributeValue>

</saml:Attribute>

</saml:AttributeStatement>

 

I need to be able to consume a saml requests from SiteMinder that contain very different and more complex attribute content. Also I am told they cannot configure SiteMinder to send a request in my format. E.g. a sample SiteMinder request is as follows:

 

<saml:AttributeStatement>

            …

<saml:Attribute AttributeName="SMContent" AttributeNamespace="http://www.netegrity.com/SiteMinder">

<saml:AttributeValue>

<SM:SMContent xmlns:SM="http://www.netegrity.com/SiteMinder">

<SM:SMsession>…</SM:SMsession>

<SM:SMlogin>…</SM:SMlogin>

<SM:SMprofile>

<SM:NVpair>header:</SM:NVpair>

</SM:SMprofile>

</SM:SMContent>

</saml:AttributeValue>

</saml:Attribute>

</saml:AttributeStatement>

 

(from this request, it seems to me that SiteMinder has an SMContent object which the identifying party is serializing and sending as a saml attribute. The SMContent likely has a HashMap with the email which is being serialized into the NVpair element in xml)

 

Is there any recommended general purpose way to process different Attribute contents and extract the we need from that.

Alternatively are there any standards around Attribute content itself that we can implement and expect the identifying parties to follow?