Looking to implement a solution where we have a SAML2 SP (local) -> SAML2 IDP (remote) partnership created. Now when the IDP generates the SAML assertion with a set of attributes, we would like to send the same attributes in different HTTP request headers.
I was able to implement the above using the instructions mentioned, but when we change the redirect mode to HTTP Header, I don't seem to receive any headers from the SAML assertion. But strangely, when we change the redirect mode to Cookie, we could see the parameters sent in the assertion set as HTTP Cookie variables.
Is there something missing regarding the configuration for HTTP Header?
1) Navigate to web_agent_home/conf and modify the WebAgent.conf file. Uncomment the following entry so it appears as follows: LoadPlugin="path/SAMLDataPlugin.so"
2) Do one of the following tasks in the Application Integration step of the partnership wizard: Select HTTP Headers as the Redirect Mode for the target application.
Check if additional attributes are passed as indicated in the guide:
The following additional values are passed as headers:
Look for these attributes in the header dump as below:
HTTP_AUTHNCONTEXT urn:oasis:names:tc:SAML:2.0:ac:classes:Password
HTTP_FORMAT urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
HTTP_NAMEID Robm
If you want to include additional attributes, you will have to modify the Partnership on the IDP and add the attributes you would like to be sent to the agent:
=> Screenshot of Partnership -> Assertion Configuration -> Assertion Attributes
In the above, I have included an assertion attribute (lname) of type user attribute and gave it a value of LastName.
The result is that this assertion attribute is sent to the client as below:
More information on this topic can be found in the following community thread:
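A header-dump target for the check described above, added here as an example and not part of the original thread or the product's own tooling. It assumes the target application is served through WSGI, that in Cookie mode the cookie name equals the attribute name, and the names `locate_attributes` and `app` are hypothetical.

```python
from http.cookies import SimpleCookie

# Header names as they appear in the header dump on this page (CGI/WSGI form).
EXPECTED = ["HTTP_AUTHNCONTEXT", "HTTP_FORMAT", "HTTP_NAMEID"]

# Constructed sample requests: one as seen in HTTP Headers mode, one in Cookie mode.
SAMPLE_HEADER_MODE = {
    "HTTP_AUTHNCONTEXT": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
    "HTTP_FORMAT": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "HTTP_NAMEID": "Robm",
}
SAMPLE_COOKIE_MODE = {"HTTP_COOKIE": "NameID=Robm"}


def locate_attributes(environ, expected=EXPECTED):
    """Per expected name, report whether it arrived as a header, a cookie, or not at all."""
    cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    # Assumption: in Cookie mode the cookie name equals the attribute name.
    by_cookie = {name.upper(): morsel.value for name, morsel in cookies.items()}
    report = {}
    for name in expected:
        # Accept "NameID", "nameid" or "HTTP_NAMEID" and normalise to the WSGI key.
        attr = name.upper().replace("-", "_").removeprefix("HTTP_")
        key = "HTTP_" + attr
        if environ.get(key):
            report[key] = ("header", environ[key])
        elif attr in by_cookie:
            report[key] = ("cookie", by_cookie[attr])
        else:
            report[key] = ("missing", None)
    return report


def app(environ, start_response):
    """WSGI header dump; assertion values are sensitive, so remove it after testing."""
    rows = [f"{key}\t{source}\t{value}"
            for key, (source, value) in locate_attributes(environ).items()]
    body = "\n".join(rows).encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8"),
                              ("Content-Length", str(len(body)))])
    return [body]


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    make_server("127.0.0.1", 8000, app).serve_forever()
```

A row marked `cookie` means the value reached the application but not as a header, which points at the Redirect Mode setting; `missing` for every row means nothing from the assertion reached the application at all.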