IDP - Attributes in SAML assertion

IDP - Attributes in SAML assertion

Fabio Falcone
Hi,
I have an OpenAM infrastructure as IDP and integration works correctly with the SP through some user attributes in the SAML assertion on OpenDJ.

Now I need to map in the SAML assertion a Session Token received in the authentication phase from an external Web Method, how can I put it inside the SAML attributes?

Thanks for the support.

Pass

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam

Re: IDP - Attributes in SAML assertion

Bernhard Thalmayr
By default you cannot use the SSOTokenId as an attribute statement in a
SAML assertion as it's a 'private' property of the SSOSession.

However you could write your own IdP attribute mapper
(https://backstage.forgerock.com/static/docs/openam/13.5/apidocs/com/sun/identity/saml2/plugins/IDPAttributeMapper.html)

-Bernhard

On 28/11/16 at 10:45, Pass wrote:

> Hi,
> I have an OpenAM infrastructure as IDP and integration works correctly
> with the SP through some user attributes in the SAML assertion on OpenDJ.
>
> Now I need to map in the SAML assertion a Session Token received in the
> authentication phase from an external Web Method, how can I put it
> inside the SAML attributes?
>
> Thanks for the support.
>
> Pass


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information. If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
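
A sketch of the custom IdP attribute mapper suggested in the reply above, added here as an example; it is not code from the thread or from the OpenAM project. It assumes the classes and method signatures of the OpenAM 13.5 Javadoc linked in the reply (check them against the deployed version), and the session property name, SAML attribute name and SP entity ID are hypothetical placeholders.

```java
package org.example.saml; // hypothetical package name

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.Attribute;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper;

/** Adds one session property to the attributes the default mapper already produces. */
public class SessionPropertyAttributeMapper extends DefaultIDPAttributeMapper {

    // Assumptions: a custom authentication module stored the external token
    // under this session property; the SP expects it under this attribute name.
    private static final String SESSION_PROPERTY = "externalSessionToken";
    private static final String SAML_ATTRIBUTE = "ExternalSessionToken";
    // Placeholder entity ID: the only SP allowed to receive the token.
    private static final String ALLOWED_SP = "https://sp.example.com/metadata";

    @Override
    @SuppressWarnings({"rawtypes", "unchecked"})
    public List getAttributes(Object session, String hostEntityID,
            String remoteEntityID, String realm) throws SAML2Exception {
        // Attributes from the configured attribute map (may be null if none).
        List mapped = super.getAttributes(session, hostEntityID, remoteEntityID, realm);
        if (!ALLOWED_SP.equals(remoteEntityID)) {
            return mapped; // the token is a credential: release it to one SP only
        }
        String[] values;
        try {
            values = SessionManager.getProvider().getProperty(session, SESSION_PROPERTY);
        } catch (SessionException e) {
            throw new SAML2Exception(e.getMessage());
        }
        if (values == null || values.length == 0 || values[0] == null || values[0].isEmpty()) {
            return mapped; // property absent: leave the assertion unchanged
        }
        Attribute attribute = AssertionFactory.getInstance().createAttribute();
        attribute.setName(SAML_ATTRIBUTE);
        attribute.setAttributeValueString(Collections.singletonList(values[0]));
        List result = (mapped == null) ? new ArrayList() : new ArrayList(mapped);
        result.add(attribute);
        return result;
    }
}
```

The class name is then configured as the attribute mapper of the hosted IdP. Because the released value is a credential, the assertion carrying it should be encrypted for the receiving SP.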