I am planning on adding an attribute provider for SAML 1.1, similar to SAML 2.0. This would be in the ws-trust SAML 1.1 provider. For the assertion providers (SAML11AssertionTokenProvider and SAML20AssertionTokenProvider), how does it add extra attributes? Use case would be that the assertion consumer service requires extra attribute or a different role from what is provided by the principal.
As for the IDPWebBrowserSSOValve, it should:
- include signature?
- return with html form and post similar to SAML 2.0 for Browser/Post profile?
Thanks in advance,
Looks like at this time, we are adding the attributes in the SAML2AuthenticationHandler to the SAML assertion.
I do not think there is anything stopping anyone from writing a STS token provider that takes care of attributes also.
Looks like we have a JIRA issue for this: https://issues.jboss.org/browse/PLFED-187