Limit attributes required in metadata?


Emmanuel Dreyfus

Aug 27, 2025, 3:24:31 AM
to simple...@googlegroups.com
Hello

Sorry if this is a stupid question, but is it possible to
configure the hosted IdP so that it sends only attributes that
are listed in remote SP metadata's attributes.required?

I vaguely recall such a feature, but found nothing close
when reading the code. A third-party plugin, perhaps?

--
Emmanuel Dreyfus
ma...@netbsd.org

Tim van Dijen

Aug 27, 2025, 6:11:32 AM
to SimpleSAMLphp
Hey Emmanuel,

You can use the `attributes` key in the SP metadata. It's documented here:
https://github.com/simplesamlphp/simplesamlphp/blob/49466d4ee2c9da2345c1f35f753b0750e224d23e/modules/saml/docs/sp.md?plain=1#L116-L141

Alternatively you can use the core:AttributeLimit authproc-filter to do the same:
https://github.com/simplesamlphp/simplesamlphp/blob/master/modules/core/docs/authproc_attributelimit.md

- Tim
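
Both options from the reply above, written out as IdP-side configuration. This is an added example, not part of either post and not copied from the SimpleSAMLphp documentation; the entity IDs, URLs, auth source name, key file names and attribute names are constructed placeholders.

```php
<?php
// --- metadata/saml20-sp-remote.php (on the IdP) ---

// Option 1: list the releasable attributes in the SP's metadata entry.
// core:AttributeLimit, when configured without its own list, falls back
// to this 'attributes' array.
$metadata['https://sp1.example.org/saml/metadata'] = [
    'AssertionConsumerService' => 'https://sp1.example.org/saml/acs',
    'attributes' => ['mail', 'eduPersonPrincipalName'],
];

// Option 2: give the filter an explicit allow-list for one SP.
// Unnamed array entries after 'class' are the attribute names to keep.
$metadata['https://sp2.example.org/saml/metadata'] = [
    'AssertionConsumerService' => 'https://sp2.example.org/saml/acs',
    'authproc' => [
        90 => [
            'class' => 'core:AttributeLimit',
            'mail',
            'displayName',
        ],
    ],
];

// --- metadata/saml20-idp-hosted.php ---

$metadata['https://idp.example.org/saml/metadata'] = [
    'host' => '__DEFAULT__',
    'privatekey' => 'server.pem',
    'certificate' => 'server.crt',
    'auth' => 'example-userpass',
    'authproc' => [
        // Needed for option 1: the filter with no arguments reads the
        // 'attributes' list of whichever SP the response is going to.
        // A high priority number runs it after filters that add or
        // rename attributes, so those are limited as well.
        90 => 'core:AttributeLimit',
    ],
];
```

The fallback in option 1 reads the `attributes` list, so the names the SP marks as required have to appear there for this setup to release them.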
