如何在 SP 元数据中配置自定义属性 [英] How to configure Custom Attributes in SP metadata
问题描述
我了解到,在任何 SSO 解决方案中,如果 SP 需要任何其他属性,它可以使用 AttributeConsumingService 参数在其元数据中发布这些属性.现在可以添加所需的属性,如下所示:
I came to know that in any SSO Solution if SP needs any additional attributes it can publish them in its metadata using AttributeConsumingService argument. The required attributes can now be added like as below:
<md:AttributeConsumingService index="0"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<md:ServiceName xml:lang="en">ABC</md:ServiceName>
<md:ServiceDescription xml:lang="en">ABC</md:ServiceDescription>
<md:RequestedAttribute isRequired="true"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="urn:oid:2.5.4.42"
FriendlyName="FirstName"/>
</md:AttributeConsumingService>
现在,如果我想在我的 SP 元数据中添加一个自定义属性,比如说用户的角色",我应该如何将它添加到元数据中?我的意思是,它的名称是什么(这是我无法找到的!),NameFormat(是 urn:oasis:names:tc:SAML:2.0:attrname-format:uri 吗?)和 FriendlyName(我可以给它在这里是角色"?).我在 SAML2Core 文档中没有找到与此相关的任何内容.
Now, if I want to add a custom attribute in my SP metadata, lets say "Role" of a user, how should I add it in the metadata? I mean, what would be its Name(this is what I'm unable to find!), NameFormat(is it urn:oasis:names:tc:SAML:2.0:attrname-format:uri?) and FriendlyName(can I give it as "Role" here?). I've not found anything related to this in the SAML2Core document.
请提出任何建议!
谢谢,
阿比拉什
推荐答案
没有统一的答案,因为这取决于您使用的 IDP/联盟及其支持的内容.
There is no universal answer as it depends on which IDP/federation you use and what is supported by it.
一般来说,友好名称只是一个人类可读的属性标识符,其值可以自由定义.
Generally, the friendly name is just a human-readable identifier for the attribute and the value can be freely defined.
NameFormat 和 Name 是根据您的 IDP 使用的属性配置文件定义的(例如基本配置文件、X.500/LDAP 配置文件等).预期值可以在 SAML 2.0 中找到配置文件第 8 章.
The NameFormat and Name are defined based on Attribute Profile used by your IDP (e.g. Basic profile, X.500/LDAP Profile, ...). The expected values can be found in SAML 2.0 profiles document chapter 8.
您可以找到一个在实践中如何使用它的示例,例如inCommon federation 在他们的文档中.
You can find an example of how this is employed in practice for e.g. inCommon federation in their documentation.
这篇关于如何在 SP 元数据中配置自定义属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
