Sun OpenSSO Enterprise 8.0 Administration Reference

SAMLv2 Attribute Authority Customization

SAMLv2 Attribute Authority contains the following attributes for customization:

Signing and Encryption

Key Size

The length for keys used by the Attribute Authority entity when interacting with another entity.

Algorithm

The encryption algorithm used to interact with another entity.

Attribute Service

This attribute defines the URL endpoints that will receive attribute query requests. Location specifies the URL of the provider to which the request is sent. Mapper defines the SPI that finds the attribute mapping authority to return a list of attributes that will be included in a response. The SAMLv2-defined attribute query profiles are:

AssertionID Request

Defines the URLs to which the AssertionIDs are sent from a client to an identity provider in order to retrieve the corresponding assertion. Location specifies the URL of the provider to which the request is sent. Mapper defines the SPI that finds the AssertionID mapping authority to return a list of attributes that will be included in a response. The bindings are:

Attribute Profile

Defines the type of SAMLv2-defined supported attribute profile. Basic is the default type.

Cert Alias

Defines the certificate alias elements. Signing specifies the provider certificate alias used to find the correct signing certificate in the keystore. Encryption specifies the provider certificate alias used to find the correct encryption certificate in the keystore.

Subject Data Store

Specifies the data store attribute name which contains the X.509 subject DN. It is used to find a user whose attribute value matches the X.509 subject DN. This field is used in the Attribute Query Profile for X.509 subject only.
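The following added example (not part of the OpenSSO documentation or code) audits an exported SAMLv2 metadata file for the Attribute Authority settings described above: signing and encryption keys, the Attribute Service and AssertionID Request locations, and the encryption algorithm and key size. It assumes Key Size and Algorithm appear in the metadata as EncryptionMethod/KeySize elements; the host, paths, sample document and policy thresholds are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
# Assumed local policy, not an OpenSSO default.
DEPRECATED = ("#tripledes-cbc", "#rsa-1_5")

# Constructed sample (hypothetical host and paths; certificates omitted).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" entityID="https://aa.example.com/aa">
 <md:AttributeAuthorityDescriptor
     protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"/>
  <md:KeyDescriptor use="encryption">
   <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc">
    <xenc:KeySize>192</xenc:KeySize>
   </md:EncryptionMethod>
  </md:KeyDescriptor>
  <md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
      Location="http://aa.example.com/aa/attribute"/>
  <md:AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
      Location="https://aa.example.com/aa/assertion-id"/>
 </md:AttributeAuthorityDescriptor>
</md:EntityDescriptor>"""

def audit(metadata_xml, min_key_bits=128):
    """Return findings for each AttributeAuthorityDescriptor in trusted, local metadata."""
    findings = []
    root = ET.fromstring(metadata_xml)
    for aa in root.iter("{%s}AttributeAuthorityDescriptor" % NS["md"]):
        # Cert Alias: a KeyDescriptor without 'use' serves both purposes.
        uses = {k.get("use") for k in aa.findall("md:KeyDescriptor", NS)}
        for need in ("signing", "encryption"):
            if need not in uses and None not in uses:
                findings.append("no %s key declared" % need)
        # Attribute Service / AssertionID Request: Location must be HTTPS.
        for tag in ("AttributeService", "AssertionIDRequestService"):
            for ep in aa.findall("md:" + tag, NS):
                loc = ep.get("Location", "")
                if not loc.lower().startswith("https://"):
                    findings.append("%s not HTTPS: %s" % (tag, loc))
        # Algorithm and Key Size (assumed to appear as EncryptionMethod/KeySize).
        for em in aa.findall("md:KeyDescriptor/md:EncryptionMethod", NS):
            alg = em.get("Algorithm", "")
            size = (em.findtext("xenc:KeySize", "", NS) or "").strip()
            if alg.endswith(DEPRECATED):
                findings.append("deprecated algorithm: " + alg)
            if size.isdigit() and int(size) < min_key_bits:
                findings.append("key size %s below %d" % (size, min_key_bits))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```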