-
1. Re: Create the AttributeQuery-Element
anil.saldhana May 14, 2012 5:18 PM (in response to firstlion)
https://github.com/picketlink/federation/tree/master/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/protocol is the package that you need to find the necessary objects.
-
2. Re: Create the AttributeQuery-Element
firstlion May 15, 2012 1:15 AM (in response to anil.saldhana)
Thanks for your answer. But isn't there documentation or instructions on how to do it? For me it's basic functionality, so I would expect PicketLink to do it for me, and I would just have to configure the needed attributes somewhere?!
Martin
-
3. Re: Create the AttributeQuery-Element
firstlion May 15, 2012 5:59 AM (in response to firstlion)
I think I have misunderstood the SAML specification for version 2.0. The AttributeQuery can't be sent together with or within an AuthnRequest. So here is my new question:
We have to create an Extensions element within the AuthnRequest element like this:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- AssertionConsumerServiceURL: set the service URL (response redirect URL). -->
<!-- ProtocolBinding: set the response protocol binding. Possible values are:
     urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect = GET redirect, inflated
     urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST = POST redirect, base64 encoded -->
<AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#" xmlns:ns4="http://www.w3.org/2001/04/xmlenc#"
    AssertionConsumerServiceURL="[response URL]"
    ProtocolBinding="[binding]"
    IssueInstant="2011-06-22T14:46:56.671+02:00" Version="2.0" ID="b7f64723-d0b8-4642-b995-c8e7f7666df7" IsPassive="true" ForceAuthn="true">
  <Extensions>
    <wst:Claims xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" wst:Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity">
      <!-- add your needed attributes via ClaimType -->
      <sct:ClaimType xmlns:sct="myType1" sct:Uri="myType_name1" />
      <sct:ClaimType xmlns:sct="myType2" sct:Uri="myType_name2" />
    </wst:Claims>
  </Extensions>
</AuthnRequest>
Is there a handler we can use for this?
Thanks again,
Martin
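Added example, not part of the thread and not PicketLink code: a standalone Python sketch that builds the AuthnRequest with the Extensions/Claims block shown in the post above and encodes it for either of the two bindings named in its comments, so the exact bytes sent to the IdP can be generated and decoded again for inspection. The function names are hypothetical, and it assumes a single claim namespace for all ClaimType elements.

```python
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Namespace, dialect and binding URIs are the ones shown in the post above.
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
DIALECT = "http://schemas.xmlsoap.org/ws/2005/05/identity"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("wst", WST)


def build_authn_request(acs_url, binding, claim_ns, claim_uris):
    """Return the AuthnRequest (with Extensions/Claims) as UTF-8 bytes."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,  # xs:ID is an NCName: no leading digit
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": binding,
    })
    ext = ET.SubElement(req, f"{{{SAMLP}}}Extensions")
    claims = ET.SubElement(ext, f"{{{WST}}}Claims", {f"{{{WST}}}Dialect": DIALECT})
    for uri in claim_uris:  # one ClaimType per requested attribute
        ET.SubElement(claims, f"{{{claim_ns}}}ClaimType", {f"{{{claim_ns}}}Uri": uri})
    return ET.tostring(req, encoding="utf-8")


def encode_for_binding(xml_bytes, binding):
    """HTTP-Redirect: raw DEFLATE, then base64. HTTP-POST: base64 only."""
    if binding == REDIRECT:
        deflater = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
        xml_bytes = deflater.compress(xml_bytes) + deflater.flush()
    elif binding != POST:
        raise ValueError(f"unsupported binding: {binding}")
    return base64.b64encode(xml_bytes).decode("ascii")


def decode_from_binding(value, binding):
    """Inverse of encode_for_binding, for inspecting a captured request."""
    raw = base64.b64decode(value)
    return zlib.decompress(raw, -15) if binding == REDIRECT else raw
```

For HTTP-Redirect the encoded value still has to be URL-encoded before it is placed in the SAMLRequest query parameter.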