Thanks for your answer. But isn't there a documentation or instruction, how to do it? For me it's a basic functionality, so i would expect picketlink to do it for me and i just have to configure the needed attributes somewhere?!
I think, i have misunderstood the SAML-Specification for version 2.0. The AttributeQuery can't be sent together or within an AuthnRequest. So here is my new question:
We have to create an Extensions-element within the AuthnRequest-element like this:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>"
//set the service url (response redirect url).
//set the response protocol binding Possible values are
//urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect =Get redirect inflated
//urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST =Post redirect base64 encoded
IssueInstant="2011-06-22T14:46:56.671+02:00" Version="2.0" ID="b7f64723-d0b8-4642-b995-c8e7f7666df7" IsPassive="true" ForceAuthn="true">
//add your needed attributes via ClaimType
<sct:ClaimType xmlns:sct="myType1" sct:Uri="myType_name1" />
<sct:ClaimType xmlns:sct="myType2" sct:Uri="myType_name2" />
Is there a handler we can use for this?