Limit attributes required in metadata?
4 views
Skip to first unread message
Emmanuel Dreyfus
Aug 27, 2025, 3:24:31 AM (9 days ago) Aug 27
to simple...@googlegroups.com
Hello
Sorry if this is a stupid question, but is it possible to
configure the hosted IdP so that it sends only attributes that
are listed in remote SP metadata's attributes.required?
I vaguely recall such a feature, but found nothing close
when reading the code. A third-party plugin, perhaps?
--
Emmanuel Dreyfus
ma...@netbsd.org
Sorry if this is a stupid question, but is it possible to
configure the hosted IdP so that it sends only attributes that
are listed in remote SP metadata's attributes.required?
I vaguely recall such a feature, but found nothing close
when reading the code. A third-party plugin, perhaps?
--
Emmanuel Dreyfus
ma...@netbsd.org
Tim van Dijen
Aug 27, 2025, 6:11:32 AM (9 days ago) Aug 27
to SimpleSAMLphp
Hey Emmanuel,
You can use the `attributes` key in the SP metadata. It's documented here:
https://github.com/simplesamlphp/simplesamlphp/blob/49466d4ee2c9da2345c1f35f753b0750e224d23e/modules/saml/docs/sp.md?plain=1#L116-L141
Alternatively you can use the core:AttributeLimit authproc-filter to do the same:
https://github.com/simplesamlphp/simplesamlphp/blob/master/modules/core/docs/authproc_attributelimit.md
- Tim
https://github.com/simplesamlphp/simplesamlphp/blob/49466d4ee2c9da2345c1f35f753b0750e224d23e/modules/saml/docs/sp.md?plain=1#L116-L141
Alternatively you can use the core:AttributeLimit authproc-filter to do the same:
https://github.com/simplesamlphp/simplesamlphp/blob/master/modules/core/docs/authproc_attributelimit.md
- Tim
Op woensdag 27 augustus 2025 om 09:24:31 UTC+2 schreef ma...@netbsd.org:
Reply all
Reply to author
Forward
0 new messages