question

AliceFavre-5368 asked sikumars-msft commented

Can Azure support AttributeQuery profile of SAML2?

Hello,


We would like to use Azure AD to answer AttributeQuery requests in SAML2, so that the number of attributes (and their choice) sent back can be dependent on the connecting SP. For example:
- for SP1 I only want to distribute Attribute2 and Attribute 3,
- for SP2 I only want to send it back Attribute1.
- ...
- for SPn I want to send it Attribute X, ..., Attribute Y, Attribute Z

I only want to use a single Enterprise Application.

In SAML2, the AttributeQuery profile allows you to send in every request the list of attributes you want to receive back from the IdP.

Does Azure support something like this?


Thanks in advance,



azure-ad-saml-sso

@AliceFavre-5368,

Thanks for reaching out.

As far as I remember, Azure AD doesn't support the Attribute Query profile with the SAML protocol. However, I am double-checking with the product group to get an authoritative answer and will keep you updated. Thanks.

0 Votes 0 ·

@AliceFavre-5368,

I'm still waiting for an update from the product group. Meanwhile, could you please confirm what you mean by SP? Service Principal or Service Provider? Thanks.

0 Votes 0 ·

Hello,

By SP we mean Service Provider.

Many thanks for the answer,

1 Vote 1 ·

Hello, I have checked with our product group and understand that Azure AD doesn't support the Attribute Query profile. Therefore, the only supported way is to add the specific claim to the respective application using claim mapping. To know more: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization

0 Votes 0 ·

@AliceFavre-5368, Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks,

0 Votes 0 ·

1 Answer

sikumars-msft answered

Hello @AliceFavre-5368,

Thanks for reaching out.

Azure AD doesn't support the Attribute Query profile. Therefore, the only supported way is to add the specific claim to the respective application using claim mapping. To know more: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization

Hope this helps.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
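For readers unfamiliar with the profile discussed in this thread, the following is an added example, not part of the original posts and not Azure AD functionality. It builds a SAML 2.0 `AttributeQuery` and shows per-SP attribute release on the IdP side, with the policy capping whatever the SP asks for. The entity IDs, the `RELEASE_POLICY` table and both function names are assumptions, and the query signature is assumed to have been verified before the issuer is trusted.

```python
import datetime
import uuid
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed release policy mirroring the question; entity IDs are hypothetical.
RELEASE_POLICY = {
    "https://sp1.example.com": {"Attribute2", "Attribute3"},
    "https://sp2.example.com": {"Attribute1"},
}

def build_attribute_query(sp_entity_id, name_id, wanted):
    """SP side: serialize a samlp:AttributeQuery naming the wanted attributes."""
    now = datetime.datetime.now(datetime.timezone.utc)
    query = ET.Element(f"{{{SAMLP}}}AttributeQuery", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
    })
    ET.SubElement(query, f"{{{SAML}}}Issuer").text = sp_entity_id
    subject = ET.SubElement(query, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = name_id
    for name in wanted:
        ET.SubElement(query, f"{{{SAML}}}Attribute", {"Name": name})
    return ET.tostring(query, encoding="unicode")

def releasable_attributes(query_xml, user_attributes):
    """IdP side: release only attributes both requested and allowed for the issuer.

    Assumes the signature on query_xml was already verified; an unsigned
    Issuer value must never select the release policy.
    """
    query = ET.fromstring(query_xml)
    issuer = query.findtext(f"{{{SAML}}}Issuer")
    allowed = RELEASE_POLICY.get(issuer, set())  # unknown SP gets nothing
    requested = {a.get("Name") for a in query.iter(f"{{{SAML}}}Attribute")}
    # In SAML core an empty request means "all attributes"; policy still caps it.
    names = allowed if not requested else requested & allowed
    return {n: user_attributes[n] for n in sorted(names) if n in user_attributes}
```
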
