Question

Muthukumar Ponniahsamy (Muthu)
ING NV
Lead System Architect
NL
Muthu Member since 2013 7 posts
Posted: January 4, 2016
Last activity: January 21, 2016
Closed
Solved

Does Pega support obtaining SAML assertions using SAML attribute request

Hi, in Redirect-Artifact binding to get a SAML assertion,

I can see that the Pega assertion consumer service supports obtaining the assertions (pre-prepared by the IdP) using the artifact ID by sending a back-channel request to the IdP's Artifact Resolution Service (ARS).

However, does the Pega assertion consumer service support obtaining an assertion by directly posting the attribute query request to the IdP's attribute authority? Please check block diagram in section 5.1 in attached


In this approach the request is in the below format

<samlp:AttributeQuery
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="aaf23196-1773-2113-474a-fe114412ab72"
    Version="2.0"
    IssueInstant="2006-07-17T20:31:40">
  <saml:Issuer
      Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
    CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
  </saml:Issuer>
  <saml:Subject>
    <saml:NameID
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
      CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
    </saml:NameID>
  </saml:Subject>
  <saml:Attribute
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid:2.5.4.42"
      FriendlyName="givenName">
  </saml:Attribute>
  <saml:Attribute
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid:1.3.6.1.4.1.1466.115.121.1.26"
      FriendlyName="mail">
  </saml:Attribute>
</samlp:AttributeQuery>



Security
Moderation Team has archived post.
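
The following is an added example, not part of the original post and not Pega code: the structural checks an attribute authority could run on an AttributeQuery like the one above before answering it. The function name `inspect_attribute_query` and the `allowed_names` release policy are assumptions made for illustration; signature verification is out of scope here.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# The AttributeQuery from the post, with whitespace condensed.
SAMPLE_QUERY = """<samlp:AttributeQuery
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="aaf23196-1773-2113-474a-fe114412ab72" Version="2.0"
    IssueInstant="2006-07-17T20:31:40">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
    CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
  </saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
      CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
    </saml:NameID>
  </saml:Subject>
  <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid:2.5.4.42" FriendlyName="givenName"/>
  <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid:1.3.6.1.4.1.1466.115.121.1.26" FriendlyName="mail"/>
</samlp:AttributeQuery>"""


def inspect_attribute_query(xml_text, allowed_names):
    """Hypothetical helper: summarise an AttributeQuery and list problems."""
    # Hardening choice: refuse DTDs before parsing (entity-expansion defence).
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD rejected")
    root = ET.fromstring(xml_text)
    problems = []
    if root.tag != "{%s}AttributeQuery" % NS["samlp"]:
        problems.append("root element is not samlp:AttributeQuery")
    if root.get("Version") != "2.0":
        problems.append("Version must be 2.0")
    problems += ["missing " + a for a in ("ID", "IssueInstant") if not root.get(a)]
    issuer = root.findtext("saml:Issuer", "", NS).strip()
    subject = root.findtext("saml:Subject/saml:NameID", "", NS).strip()
    problems += ["missing " + label for label, value in
                 (("saml:Issuer", issuer), ("saml:Subject NameID", subject)) if not value]
    requested = [a.get("Name", "") for a in root.findall("saml:Attribute", NS)]
    # Release policy (assumed): only names in allowed_names may be queried.
    problems += ["not released by policy: " + n for n in requested
                 if n not in allowed_names]
    return {"issuer": issuer, "subject": subject,
            "requested": requested, "problems": problems}
```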