Adding Outgoing SAML Assertion Attributes Sent to Service Providers
Control which SAML IDP Attributes are included in the outgoing SAML Assertion sent to SAML Service Providers.
Prerequisites
Add Outgoing SAML Assertion Attributes
Select OAuth > Tokens & Claims > Claims > SAML Assertion Attributes > + ADD CLAIM.
Fill in the Add claim form with and select Add.
Parameter
Description
Claim name
Claim name in SecureAuth.
Source type
How the source value for the claim is retrieved. Authentication context is a set of attributes mapped from data sent by IDP acting on behalf of the user. Client means an application registered in SecureAuth. Workspace provides metadata about the workspace.
Source path
Specific attribute available in the source.
Output source path
Exact attribute name representing this claim in the token.
SAML Name
SAML attribute name issued with your Service Provider's assertion, for example
urn:oid:2.5.4.10.SAML Attribute Format
SAML attribute format, for example
urn:oasis:names:tc:SAML:2.0:attrname-format:uri.
The attribute will be included in the SAML Assertion sent to service providers.
Consider the following example:
 |
If we add an email attribute with source type set to AuthN Context, source path set to email, SAML name set to mail and with the SAML format set to urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified, the outgoing SAML Assertion sent to the Service Provider has the following attribute included:
<saml2:AttributeStatement>
<saml2:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">johndoe@example.com
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>Next Steps
If your SAML IDP enables users to sign into OAuth-based client applications, be sure to define Token Claims as well.