OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Returning user roles in the Assertion

Hi,
 We are developing a SAML 2 service provider and we are proposing that IDP's return user's roles in the SAML <Assertion> as an attribute (within <AttributeStatement>) as part of authentication response itself.

I would like to know:
1) What is the best practice for sending user roles from IDP to SP.
2) What are some of the widely used approaches (if not best practice) for sending user roles from IDP to SP.

Thanks,
Vasu

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]