Introduction
Looking to implement a solution where i we have an SAML2 SP(local)->SAML2 IDP(remote) partnership created. Now when IDP generates the SAML assertion with a set of attributes we would like to send the same attributes in different HTTP Request Headers.
Product documentation:
https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052%20SP1-ENU/Bookshelf_Files/HTML/idocs/application-integration.html#o1904894
I was able to implement the above using the instructions mentioned, but when we change the redirect move to HTTP Header then i don't seem to receive any headers from the SAML assertion . But strangely when we change the redirect mode to Cookie then we could see the parameters sent in assertion set as HTTP Cookie variable.
Is there something missing regarding the configuration for HTTP Header?
1) Navigate to web_agent_home/conf and modify the WebAgent.conf file. Uncomment the following entry so it appears as follows: LoadPlugin="path/SAMLDataPlugin.so"
2)Do one of the following tasks in the Application Integration step of the partnership wizard:
Select HTTP Headers as the Redirect Mode for the target application.
Background
Instructions
If you want to include additional attributes, you will have to modify the Partnership on the IDP and add the attributes you would like to be sent to the agent:
For example:
=> Screenshot of Partneership -> Assertion Configuration -> Assertion Attributes
In the above, I have included an assertion attribute(lname) of type user attribute and gave it a value of LastName.
The result is that, this assertion attribute is sent to the client as below:
HTTP_AUTHNCONTEXT urn:oasis:names:tc:SAML:2.0:ac:classes:Password
HTTP_FORMAT urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
HTTP_NAMEID Robm
HTTP_LNAME Moore
Additional Information