Question

Muthu Member since 2013 7 posts
ING NV
Posted: January 4, 2016
Last activity: January 21, 2016
Closed
Solved

Does Pega support obtaining SAML assertions using a SAML attribute request?

Hi, in the Redirect-Artifact binding to get a SAML assertion, I can see that the Pega assertion consumer service supports obtaining the assertions (pre-prepared by the IdP) using the artifact ID by sending a back-channel request to the IdP's Artifact Resolution Service (ARS).

However, does the Pega assertion consumer service support obtaining an assertion by directly posting the attribute query request to the IdP's attribute authority? Please check block diagram in section 5.1 in attached


In this approach the request is in the format below:

<samlp:AttributeQuery
   xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
   xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
   ID="aaf23196-1773-2113-474a-fe114412ab72"
   Version="2.0"
   IssueInstant="2006-07-17T20:31:40">
   <saml:Issuer
      Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
      CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
   </saml:Issuer>
   <saml:Subject>
      <saml:NameID
         Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
         CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
      </saml:NameID>
   </saml:Subject>
   <saml:Attribute
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid:2.5.4.42"
      FriendlyName="givenName">
   </saml:Attribute>
   <saml:Attribute
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid:1.3.6.1.4.1.1466.115.121.1.26"
      FriendlyName="mail">
   </saml:Attribute>
</samlp:AttributeQuery>



Security
Moderation Team has archived post
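
The checks an attribute authority would apply to a query in the format quoted in the post, as an added example that is not part of the original post and is not Pega or IdP product code. The function name `inspect_attribute_query` and the `releasable` policy set are hypothetical; signature verification and the SOAP binding are left out.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# The AttributeQuery from the post above, whitespace condensed.
SAMPLE_QUERY = """<samlp:AttributeQuery
   xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
   xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
   ID="aaf23196-1773-2113-474a-fe114412ab72"
   Version="2.0"
   IssueInstant="2006-07-17T20:31:40">
   <saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
   CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
   </saml:Issuer>
   <saml:Subject>
   <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
   CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
   </saml:NameID>
   </saml:Subject>
   <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid:2.5.4.42" FriendlyName="givenName"/>
   <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid:1.3.6.1.4.1.1466.115.121.1.26" FriendlyName="mail"/>
</samlp:AttributeQuery>"""


def inspect_attribute_query(xml_text, releasable):
    """Parse an AttributeQuery and split requested attributes by policy."""
    # SAML messages never need a DTD; refusing one blocks entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in SAML message")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AttributeQuery" % NS["samlp"]:
        raise ValueError("not a samlp:AttributeQuery")
    if root.get("Version") != "2.0":
        raise ValueError("unsupported SAML version")
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    subject = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not issuer or not subject:
        raise ValueError("Issuer and Subject/NameID are required")
    requested = [a.get("Name") for a in root.findall("saml:Attribute", NS)]
    return {
        "id": root.get("ID"),
        "issuer": issuer,
        "subject": subject,
        "allowed": [n for n in requested if n in releasable],   # release these
        "denied": [n for n in requested if n not in releasable],  # withhold these
    }
```
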