Reputation: 5384
I am doing an exercise of integrating my ASP.NET site with an IDP that sends SAML 2.0. I have just now figured out all the nitty-gritty and got a 1000-foot view of how all the things are wired up.
Now the IDP team asks me what user information I need. I obviously know what I want, but they have given me a choice of whether I need to use NameID or assertion attributes.
I know from these links (link 1, SAML 2.0) that NameID is a representation of the currently logged-in user. So my question is: is just the NameID not enough? Do I need to request all the additional information that I require about the user, say Age, Address etc.? Or is NameID capable of packaging all that information?
Upvotes: 0
Views: 411
Reputation: 46720
You can think of NameID as the primary key.
Refer: ADFS : Using the SAML NameID to map IdP / SP claims.
However, all NameID does is pass some attribute (I normally use email) in the NameID format. You can only pass one attribute in this format.
If you need anything else like last name, age, roles etc., you need to pass these as assertions.
Upvotes: 2
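To make the split concrete, here is an added example (not part of the original question or answer) that reads a SAML 2.0 assertion with Python's standard library: the single NameID comes from `Subject`, and everything else comes from `AttributeStatement`. The sample assertion, the attribute names (`lastName`, `age`, `role`), the issuer URL and the `read_identity` helper are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, illustrative values only).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.test</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="age"><saml:AttributeValue>34</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role">
      <saml:AttributeValue>admin</saml:AttributeValue>
      <saml:AttributeValue>auditor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_identity(assertion_xml, required=()):
    """Return (name_id, name_id_format, attributes) from a SAML 2.0 assertion.

    Assumption: the signature and conditions were already validated by the
    SAML library in use; this only shows where each piece of data lives.
    """
    root = ET.fromstring(assertion_xml)
    # NameID: exactly one identifier for the subject (the "primary key").
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion has no Subject/NameID")
    # Everything else arrives as attributes; one attribute may hold several values.
    attributes = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attributes.setdefault(attr.get("Name"), []).extend(values)
    # Fail closed if the IdP did not release something the application depends on.
    missing = [n for n in required if n not in attributes]
    if missing:
        raise ValueError("IdP did not release attributes: " + ", ".join(missing))
    return name_id.text.strip(), name_id.get("Format"), attributes
```

The `required` check mirrors the conversation with the IdP team: list the attributes the application needs, and reject a login whose assertion lacks them instead of silently defaulting.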