You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Adding SAML Attribute Statements to SAML Connections
In SAML transactions, identity providers make an assertion about an authenticated user's identity, encrypt and sign the assertion, and pass that data to a service provider. The service provider receives the assertion, validates and decrypts it, and makes an access control decision, granting or denying access to services as appropriate.
One component of an assertion is the attribute statement. Identity providers send attribute statements to service providers to convey information about the subject of the assertion. The SAML specification allows these attributes to be any type of agreed-upon information. Thus if you have a partnership with a service provider requiring a specific attribute to be sent (such as a Person's EmployeeID), you must add a SAML Attribute Statement with the required SAML attribute to your assertion.
In this topic, we demonstrate how to add an attribute statement to an SSO connection, and a new attribute for the attribute statement.
Add a SAML Attribute Statement to a SAML SSO Connection
On the navbar, expand Apps and Authentication > SSO Connections, and click SAML.
Search for the SAML Connection to which you want to add the SAML attribute statement and click the Display Name link for it.
On the Connections Details page, click the Display Name link to put the connection in Edit mode.
On the edit page for the SAML connection, click the Attributes tab.
Select Create a New SAML Attribute Statement and then select Create a SAML Attribute.
This opens the SAML Attribute dialog.Fill in the fields as needed and then click Add to close the SAML Attribute dialog.
Click Save.