SAML IDP Requirements - Attributes, v1.0

The attribute requirements for achieving basic SAML interoperability when implementing an Identity Provider.

Assessment Steps (3)

1. Valid Attribute Statement (ValidAttributeStatement)
Does the system include an appropriate Attribute Statement in SAML Assertions? There must be no Encrypted Attributes.
Artifact
Sample SAML Assertion
Provide a sample SAML Assertion showing that the system does not generate Encrypted Attributes.
2. Valid Attribute NameFormat (ValidAttributeNameFormat)
Are all SAML Attribute NameFormats specified as urn:oasis:names:tc:SAML:2.0:attrname-format:uri?
Artifact
Sample SAML Attribute Statement
Provide a sample SAML Attribute Statement as XML/Text showing NameFormats of urn:oasis:names:tc:SAML:2.0:attrname-format:uri.
3. Valid Attribute Values (ValidAttributeValues)
Are all SAML Attribute Values encoded as XML Strings? This requires the type to be specified as string or to not be specified as a different type.
Artifact
Sample SAML Attribute Statement
Provide a sample SAML Attribute Statement as XML/Text showing Attribute Values that have an XML String format or have an unspecified format.

Conformance Criteria (3)

Valid Attribute Statement
Every SAML Assertion generated by the system MUST include an AttributeStatement that includes no Encrypted Attributes and only the Attributes requested by the Relying Party.
Citation
NIEF
Discussion/Review
Valid Attribute NameFormat
Every SAML attribute generated by the system MUST be set to use the SAML Attribute NameFormat urn:oasis:names:tc:SAML:2.0:attrname-format:uri.
Citation
NIEF
Discussion/Review
Valid Attribute Values
The system MUST encode all SAML attribute values as XML strings.
Citation
NIEF
Discussion/Review
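
One way to run the three checks above against a sample assertion before submitting it as an artifact. This is an added example, not part of the NIEF requirements or any IdP product; the function name check_assertion and both sample assertions are constructed for illustration. It resolves the xsi:type prefix against the in-scope namespace declarations instead of matching the literal text "xs:string", because the prefix is arbitrary.

```python
import io
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
XSD = "http://www.w3.org/2001/XMLSchema"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

def check_assertion(xml_text):
    """Return a list of findings; an empty list means all three checks pass."""
    findings, ns_stack, seen_statement = [], [], False
    events = ET.iterparse(io.BytesIO(xml_text.encode()), events=("start-ns", "end-ns", "start"))
    for event, data in events:
        if event == "start-ns":
            ns_stack.append(data)  # (prefix, uri) declared on the next element
        elif event == "end-ns":
            ns_stack.pop()
        elif data.tag == f"{{{SAML}}}AttributeStatement":
            seen_statement = True
        elif data.tag == f"{{{SAML}}}EncryptedAttribute":
            findings.append("EncryptedAttribute present")
        elif data.tag == f"{{{SAML}}}Attribute" and data.get("NameFormat") != URI_FORMAT:
            findings.append(f"{data.get('Name')}: NameFormat is {data.get('NameFormat')!r}")
        elif data.tag == f"{{{SAML}}}AttributeValue":
            xsi_type = data.get(f"{{{XSI}}}type")
            if xsi_type is not None:  # an untyped value is acceptable
                prefix, _, local = xsi_type.rpartition(":")
                uri = next((u for p, u in reversed(ns_stack) if p == prefix), None)
                if (uri, local) != (XSD, "string"):
                    findings.append(f"AttributeValue typed {xsi_type!r}, not an XML string")
    if not seen_statement:
        findings.append("no AttributeStatement")
    return findings

# Constructed sample assertions (not taken from any real IdP).
GOOD = f"""<saml:Assertion xmlns:saml="{SAML}" xmlns:xsi="{XSI}" xmlns:xs="{XSD}">
 <saml:AttributeStatement>
  <saml:Attribute Name="urn:example:attr:mail" NameFormat="{URI_FORMAT}">
   <saml:AttributeValue xsi:type="xs:string">user@example.org</saml:AttributeValue>
   <saml:AttributeValue>untyped</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""
BAD = (GOOD.replace(URI_FORMAT, "urn:oasis:names:tc:SAML:2.0:attrname-format:basic")
           .replace("xs:string", "xs:integer")
           .replace("</saml:AttributeStatement>", "<saml:EncryptedAttribute/></saml:AttributeStatement>"))

if __name__ == "__main__":
    print(check_assertion(GOOD), check_assertion(BAD), sep="\n")
```

The check does not cover whether the released attributes are limited to those the Relying Party requested, since that depends on the request or metadata rather than on the assertion alone.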