This page will list all the SAML2 attributes that SURFconext and their Identity Providers have to offer. An attribute is a characteristic that describes a user. It is a 'name:value' pair. The attributes included in the SAML assertion correspond to certain attributes a service provider needs to work properly. In genereal they are needed to:
- Convey user information from the Identity provider or IdP to the service provider
- Create an account for the user at the service provider
- Authorize specific services at the service provider
Now, when
| Info |
|---|
See for the attribute best practice: Attribute best practice |
When a user logs in to a Service Provider, SURFconext sends a SAML assertion to the Service Provider, containingthat contains a:
- User identifier. Al services reveice these and are either a configurable Transient or Persistent NameID.
and Additional attributes. These are optional and differ per Service.
- user identifier (transient/persistent NameID)
additional attributes (optional)
| Note |
|---|
SURFconext's SAML2 implementation adheres to the SAML2int standard 0.2.1. |
...
| Info |
|---|
Before you start digging into the theoretical stuff on this page, you might want to start with our 'best practice' page for an introduction and how attributes are best used. |
| Table of Contents |
|---|
User identifiers
...