Cerbis

Reputation: 515

Saml2.0 and data requested by Service Provider

Until now I've used OpenID Connect and now would like to understand how SAML works.

I'm not sure how and where SAML Assertions are defined. I know that these are part of the response of the IdP. But is it possible for a Service Provider to request specific data (like claims via OIDC) about a user?

Let's say a user has an ID, first name, last name and email. Is it possible for the service provider to request just a subset of this information? Or are these claims defined on the IdP and maybe even limited for each service provider? The worst case I can think of would be that an IdP always returns all information about a user to a service provider...

Upvotes: 0

Views: 20

Answers (1)

rbrayb

Reputation: 46720

Typically these are configured on the IDP.

In ADFS, for example, they are defined by claims rules on the IDP.

In SAML there is a "special" claim called NameID which is mandatory.

Essentially it acts as a primary key mapping two systems together.

Upvotes: 1
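To make the structure of the answer concrete, here is an added Python example (not from the question or the answer) that parses a constructed SAML 2.0 Response and pulls out the mandatory NameID plus whatever attributes the IdP released in the AttributeStatement. The attribute names, issuer and values are assumed sample data; the point is that the SP reads what the IdP's configuration decided to release, rather than choosing a subset in the request.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces used by the Response and the Assertion it carries.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample Response (assumed issuer, names and values).
# The IdP released NameID plus three attributes; which attributes appear
# is decided by IdP-side configuration (e.g. claims rules), not by the SP.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.test/</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">user-42</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="lastname"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="email"><saml:AttributeValue>ada@example.test</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_assertion(response_xml: str) -> dict:
    """Return the NameID (value and Format) and the released attributes.

    Signature and Conditions validation, which an SP must do before trusting
    any of these values, is out of scope for this structural example.
    """
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("Response carries no Assertion")
    # NameID is the "primary key" linking the IdP and SP views of the user.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("Assertion is missing the mandatory NameID")
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values if len(values) > 1 else values[0]
    return {"name_id": name_id.text.strip(),
            "name_id_format": name_id.get("Format"),
            "attributes": attrs}
```

Run it on the sample and the SP ends up with `user-42` as the key and exactly the three attributes the IdP chose to release; an IdP configured to release only `email` would yield a one-entry dict with no change on the SP side.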
