shibboleth-dev - Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication
Subject: Shibboleth Developers
List archive
Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication
Chronological Thread
- From: "Tom Scavo" <>
- To:
- Subject: Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication
- Date: Mon, 27 Oct 2008 13:28:05 -0400
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=OcnHosVtNyqgP1p2Opu9SRLRd0HKZ6nnpCjq9qiom3xCP5fqZ/LKaQXPLmZ/gt8lW2 2sXvYpkCzhTxT8RFN3uUwY1x2vQqlwq645D4/Arn5jg4poViu4prnQzp+cWWXH6ZIH6c zfQnUodvm2SscnWmwm5Q9Ycfxeu5jbBsiO5q4=
On Mon, Oct 27, 2008 at 1:00 PM, Scott Cantor
<>
wrote:
>
>> 1/ As part of AuthnRequest you can't specify the attributes required.
>> Attribute Query/Response is the thing to use for this. [Please correct me
> if
>> I misunderstood the spec]
>
> That's not really true. You can put them in the SP's metadata, which is
> similar to how Cardspace works. The fact that people don't use that feature
> is the biggest reason I'm skeptical of an extension to list them in an
> AuthnRequest. The number of cases where that would be required and using
> metadata wouldn't work is fairly small, I think.
Well, metadata is largely unsupported outside of higher ed and
relatively inflexible anyway. The latter, in particular, makes
metadata unsuitable for specifying attribute requirements. Moreover,
when you consider other use cases beyond Web Browser SSO (e.g., the
case in which the presenter is the SAML requester), metadata doesn't
even exist. So all things considered, it's a good idea to support
attributes in AuthnRequest. This was simply an oversight in the SAML
spec (which was necessarily focused on Web Browser SSO).
Tom
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, (continued)
- Message not available
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Dharam Veer, 10/27/2008
- RE: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Scott Cantor, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Steven_Carmody, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Chad La Joie, 10/27/2008
- Message not available
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Dharam Veer, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Tom Scavo, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Dharam Veer, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Tom Scavo, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Dharam Veer, 10/27/2008
- Message not available
- RE: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Scott Cantor, 10/27/2008
- Message not available
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Tom Scavo, 10/27/2008
- RE: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Scott Cantor, 10/27/2008
Archive powered by MHonArc 2.6.16.