Reputation: 95
I'm doing a sample webapp that authenticates against WSO2 Identity Server through SAML. It works fine but now I wanted to retrieve user attributes and roles for authorization and I'm completely lost.
Reading some SAML docs I know that I must send an AttributeQuery request but not how and I've made up that I should use a SOAP request but I don't know how the server works. I don't know if WSO2-IS offers a web service or other method. If yes, which would be the wsdl URL to generate the client? And if not, which method should I follow? It could be also possible that the same authentication response includes the user attributes.
Thank you for your help and sorry if the solution is obvious. I haven't found anything about this in your docs and I'm not familiar with security environments and I don't understand all the options the admin console shows.
Upvotes: 2
Views: 3115
Reputation: 39
While attribute request can be sent to get the details of one or more user attributes, you can get all the information through one call (authentication request) - all the attributes of the user (attributes in the default profile) and the roles of the user.
There is a basic demo application available.
To get attributes, you should use WSO2 4.0 M8 release (which supports the attribute profile). Once a Service Provider is registered, we can select the required attributes that should be returned. More information about this and the link to get the WSO2 4.0 M8 release can be got from the comment section of "SAML2.0 SSO with the WSO2 Identity Server".
Upvotes: 3
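As an added example (not code from the posts above or from WSO2), this sketch shows how a service provider could read the attributes and roles carried in the `AttributeStatement` of the authentication response, after checking the assertion's validity window and audience. It assumes the response signature has already been verified by the SAML library, that roles arrive under the claim URI `http://wso2.org/claims/role` (possibly comma-separated), and that the audience is a hypothetical `sample-webapp`; the XML is a constructed sample.

```python
import xml.etree.ElementTree as ET  # stdlib so this runs offline; prefer defusedxml for untrusted XML
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_CLAIM = "http://wso2.org/claims/role"  # assumption: claim URI the roles are mapped to

# Constructed sample response (not captured from a real server); signature omitted.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Assertion>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
   <saml:AudienceRestriction><saml:Audience>sample-webapp</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="http://wso2.org/claims/emailaddress">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="http://wso2.org/claims/role">
    <saml:AttributeValue>admin,Internal/everyone</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z", optionally with milliseconds.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def extract_identity(xml_text, audience, now):
    """Return (subject, attributes, roles) from an already signature-verified response."""
    root = ET.fromstring(xml_text)
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # refuse zero or several assertions
        raise ValueError("expected exactly one assertion")
    a = assertions[0]
    cond = a.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        raise ValueError("missing validity window")
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside validity window")
    if audience not in [e.text for e in cond.findall(".//saml:Audience", NS)]:
        raise ValueError("assertion issued for another audience")
    attrs = {}
    for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    # Roles may arrive as several AttributeValue elements or as one comma-separated value.
    roles = sorted({r.strip() for v in attrs.get(ROLE_CLAIM, []) for r in v.split(",") if r.strip()})
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS), attrs, roles
```

Authorization decisions should use only the roles returned after these checks pass; `now` must be a timezone-aware UTC `datetime`.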