Does Pega support obtaining SAML assertions using a SAML attribute request?
Hi, In the Redirect-Artifact binding to get a SAML assertion,
I can see that the Pega assertion consumer service supports obtaining the assertions (pre-prepared by the IdP) using the artifact ID by sending a back-channel request to the IdP's Artifact Resolution Service (ARS).
However, does the Pega assertion consumer service support obtaining an assertion by directly posting the attribute query request to the IdP's attribute authority? Please check the block diagram in section 5.1 in attached
In this approach the request is in the below format:
<samlp:AttributeQuery
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="aaf23196-1773-2113-474a-fe114412ab72"
    Version="2.0"
    IssueInstant="2006-07-17T20:31:40">
  <saml:Issuer
      Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
    [email protected],OU=User,O=NCSA-TEST,C=US
  </saml:Issuer>
  <saml:Subject>
    <saml:NameID
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
      [email protected],OU=User,O=NCSA-TEST,C=US
    </saml:NameID>
  </saml:Subject>
  <saml:Attribute
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid: Proprietary information hidden"
      FriendlyName="givenName">
  </saml:Attribute>
  <saml:Attribute
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid: Proprietary information hidden.4.1.1 Proprietary information hidden.26"
      FriendlyName="mail">
  </saml:Attribute>
</samlp:AttributeQuery>
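
As an added example (not part of the original post and not Pega code), the Python below builds a query in the format shown above with an XML library, so that values are escaped, and wraps it in a SOAP 1.1 envelope, which is how the SAML 2.0 SOAP binding carries a back-channel AttributeQuery. The DNs and attribute names are constructed placeholders, and authenticating the requester (XML signature or mutual TLS) is assumed to happen outside this code.

```python
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
X509_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
URI_FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
for prefix, ns in (("saml", SAML), ("samlp", SAMLP), ("soap", SOAP)):
    ET.register_namespace(prefix, ns)


def build_attribute_query(issuer_dn, subject_dn, attributes):
    """Return a SOAP envelope (bytes) carrying one samlp:AttributeQuery.
    attributes is an iterable of (Name, FriendlyName) pairs to request."""
    envelope = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(envelope, f"{{{SOAP}}}Body")
    query = ET.SubElement(body, f"{{{SAMLP}}}AttributeQuery", {
        # xs:ID may not start with a digit, hence the "_" prefix;
        # 128 random bits make the request ID unguessable.
        "ID": "_" + secrets.token_hex(16),
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    })
    issuer = ET.SubElement(query, f"{{{SAML}}}Issuer", {"Format": X509_FMT})
    issuer.text = issuer_dn
    subject = ET.SubElement(query, f"{{{SAML}}}Subject")
    name_id = ET.SubElement(subject, f"{{{SAML}}}NameID", {"Format": X509_FMT})
    name_id.text = subject_dn
    for name, friendly in attributes:
        ET.SubElement(query, f"{{{SAML}}}Attribute",
                      {"NameFormat": URI_FMT, "Name": name, "FriendlyName": friendly})
    return ET.tostring(envelope, encoding="utf-8", xml_declaration=True)


def requested_attributes(envelope_bytes):
    """List the FriendlyName of each attribute requested in an envelope."""
    root = ET.fromstring(envelope_bytes)
    query = root.find(f"{{{SOAP}}}Body/{{{SAMLP}}}AttributeQuery")
    return [a.get("FriendlyName") for a in query.findall(f"{{{SAML}}}Attribute")]


# Constructed sample values; the attribute names are placeholders, not real OIDs.
SAMPLE = build_attribute_query(
    "CN=sp.example.org,O=Example & Co,C=US",
    "CN=alice,OU=User,O=Example & Co,C=US",
    [("urn:example:attr:givenName", "givenName"), ("urn:example:attr:mail", "mail")],
)
```

The resulting bytes would be sent as the body of an HTTP POST to the attribute authority's SOAP endpoint, and the reply is a SOAP envelope containing a `samlp:Response` with the assertion.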