When acting as a Service Provider and using CA SSO as the SAML Endpoint consuming Assertions, a good thought needs to be given in terms of how do we retain attributes OR do we need to retain attributes OR how long do we need to retain attributes.
Currently there are two different ways CA SSO Federation capability can present Attributes from SAML Assertion to End Application.
- Using HTTP Header Redirect Mode.
- Persist Session Variables.
Both of these options does the same end goal. How is then one different from the other. I would not say that one approach is superior OR better than the other, it really depends on the context of design and requirement, one would gain the upper hand in any given situation. For me something HTTP Header Redirect works good, at other times Persist Session Variables.
A good use case for review : Know How : SMSAMLDATA Plugin and SM_ Headers to set some context.
Regards
Hubert